He says he found it all recently on a popular hacking forum, where it had been uploaded to the cloud storage service MEGA, where it sat in a folder by under the name it's been given right now.
This specific data dump, called "Collection #1", is a stack of multiple leaked databases that include passwords that have been cracked and holds within itself 2.7 billion records.
Since so many users tend to use the same username and password everywhere, automated bots are used to execute what is known as "credential stuffing", which will test these known combinations on virtually every popular login page in a matter of minutes.
This assumption has little to do with any specific mistakes you've made, but because of how common data breaches are these days.
Hunt has called the data "Collection #1".
Hunt says it's hard to see where the info originated from, but it could have come from more than 2,000 leaked databases.
Milicias asesinaron a diez cascos azules de la ONU — En Mali
En 2015, el Gobierno de Bamako y grupos armados de la región firmaron un acuerdo de paz para restaurar la estabilidad en Mali .
So what does this mean for the average person?
Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows.
An old password of mine has been pwned.
Following one of the biggest data breaches in history, anyone with an email account should immediately do a quick check to see if their password is among the 700 million that have been hacked and shared online. While it is recommended that you use more robust passwords and utilize two-factor authentication for your online accounts, it more so falls on big businesses to better detect and block malicious traffic before these major breaches ever occur.
The web researcher also said that his own personal data was among the breached information, and urged people to check whether they too had been exposed via HIBP and via his other website, Pwned Passwords, where individuals can check whether their passwords have been compromised. These services allow you save all of your passwords on a secure system, giving you the ability to use extremely complex passwords, without needing to remember an intricate string of characters.