The data dump is just a subset of a much larger tranche of passwords made available on the dark web.
Over 773 million email addresses were exposed in the latest data breach called 'Collection #1'. The large-scale dataset was found to be years old. However, a security researcher claims that the 87GB dataset is a part of a much larger breach.
According to Krebs on Security, the data dump containing 773 million email addresses and 21 million unique passwords is just a subset of a much larger tranche of passwords made available on the dark web by a shadowy seller who goes by the name Sanixer on Telegram.
The current offerings of the seller is almost 1 Terabyte of stolen and hacked passwords and Collection #1 is a part of his dataset, available at a mere USD 45. The seller said that Collection #1 data is about 2-3 years old. But another dataset that he offers is less than a year old.
The security researchers indicate that the habit of collecting large amounts of credentials and posting it online is not new at all. The stolen data is used for things like phishing, blackmail and other indirect attacks. The core reason for data getting stolen is users' habits of using poor passwords or re-using old passwords making their accounts vulnerable to attacks.