By aggregating the data from over 250 separate breaches, cybercriminals have created an easily accessed and usable treasure trove with 1.4 billion clear text login credentials, according to security researchers 4iQ.
If you're in the habit of reusing your credentials then this aggregated, interactive database which lets criminals query and receive responses in under a second should have you worried.
This isn't the first time criminals have pulled together data from multiple breaches, but it's there largest collection known and a step forward insofar as the database is organised hierarchically and is fully searchable.
If a threat actor wants to target a specific person then they can search for an email address and then grab a password, or set of passwords, that has been been used before to try and exploit other accounts.
Amongst the nuggets, a search for "admin," "administrator" and "root," returned 226,631 passwords used by administrators in seconds.
The data dump is a massive 41GB and 4iQ says 14 per cent of the passwords in the dump were previously un-decrypted with another 318 million previously unpublished user accounts in the data dump.
The challenge for most of us isn't following good password hygiene today by not reusing passwords, employing a good password management tool and using two-factor authentication where we can.
The real problem is old accounts we've forgotten about and the sheer volume of sites we've created a username/password for. Chances are we have all reused passwords and going back to fix all those is quite difficult.
In the mean time, I suggest changing the passwords to as many services as you can without re-using passwords, and turning on two-factor authentication where possible.
Morning & Afternoon Newsletter