773M accounts affected by ‘Collection #1’ breach

The Australian Cyber Security Centre (ACSC) is aware of a significant data breach affecting 773 million email addresses and usernames.

Titled ‘Collection #1’, the data breach was made public by Australian cyber security expert Troy Hunt, who identified that a large number of credential lists had been distributed on a known hacking forum.

The list included combinations of usernames, hashed and plaintext passwords.

This data breach may involve credentials for multiple users of businesses websites/services.

What is being done

The ACSC issued a notification to the owner/administrator of any potentially compromised account(s). At this time the ACSC is unable to provide any additional information on those users who have been affected by this breach.

What should you do

Regardless if you have been impacted, the ACSC emphasises the importance of changing passwords regularly, in combination with implementing strong passwords. The ACSC also advises users to implement multi-factor authentication on accounts where available.

To find out if your email has been compromised visit the Have I Been Pwned service managed by Troy Hunt.

To prevent this type of activity affecting your organisation, the ACSC recommends you review and implement the ACSC’s Essential Eight Strategies to Mitigate Cyber Security Incidents where appropriate.

The ACSC also recommends you review any available logs for ongoing malicious activity.

Further information

• Essential Eight Strategies to Mitigation: www.acsc.gov.au/infosec/mitigationstrategies.htm
• Have I Been Pwned: www.haveibeenpwned.com
• Troy Hunt ‘Collection #1’ blog post: www.troyhunt.com/the-773-million-record-collection-1-data-reach

Source: cyber.gov.au