After Collection #1 it did not took long until additional sets fo leaked account and password information appeared. Meanwhile there are Collection #2 to Collection 5.
All together there are more than 8,000,000,000 are meanwhile leaked. While I accept and actually think of systems being hacked at one point – remember it is not about the if, it is about the when – I cannot understand how actual passwords are stored.
As I did design a large multi-user system some years ago, we did not save clear text passwords in the system. We actually did even not transport the password from the client to the server in plain text. Said that, I still try to image how anyone could even think of storing passwords in plaintext.
If you are interested, if any of your password are leaked, you probably should check theIdentity Leak Checker service provided by the Hasso-Plattner-Institute.
I actually checked three mail addresses I usually use to sign in at various services.
As this is a mail address I don’t use to sign in at public services a lot, the result was not very surprising. Actually, that was I found an account to delete. For my second account this does not look that well. The mail address (and probably passwords) appear in Collections #1 to 2.
The same actually is true for my third and last address I do use for public services.
While I do reset passwords from time to time, it still is worrying that so many passwords have been leaked. I probably will change some passwords of my major accounts as well as I will delete some accounts I really won’t use anymore – or even have never used such as a MySpace account, I completely forgot about.
That way, the HPI Identity Leak Checker might help also to figure about forgotten accounts worth closing.