According to Wired, a massive database containing 772,904,991 unique email addresses and over 21 million unique passwords was recently posted to an online hacking forum. They suggest that the breach, called "Collection #1," doesn't originate from the one source but it is a collection of 2,000 leaked databases that included passwords which have since been cracked, meaning the protective layer that "hashes" a password to prevent it from being visible has been cracked to be presented in a usable form on the hacking forum.
Unusually, the data in Collection #1 wasn't put up for sale, as is the case with most data leakages. It was initially published on the popular cloud hosting site Mega before being taken down and posted on a public hacking site. This latest data leak is the second largest data breach in history, second only to Yahoo's hack which affected nearly 3 billion users.
How to check whether you're affected?
The hack was initially reported by Troy Hunt of IT security site Have I Been Pwned, which lets you check whether your email and passwords have been compromised and the sites your information has been leaked from. If you head over to https://haveibeenpwned.com, you can enter your email address and then scroll down and see whether your data was included in the Collection #1 leak.
There isn’t any easy way of finding out what information of yours is in the Collection #1 leak, however you can head over to the "passwords" tab on the top of the Have I Been Pwned website and type in any of the passwords you currently use, especially those you use across different sites. If one has been "seen," you should change it on any sites where you use it and stop using it going forward.
When you check on the website whether your email is part of the Collection #1 data, you'll also see any other compromised websites where you have accounts that were breached in the past. If you haven't already changed your password on those sites, you should change them also.