
No, 16 billion passwords weren't leaked; you should still strengthen your security habits
Recent reports of a massive data breach exposing 16 billion passwords may not be completely accurate. Cybersecurity experts suggest it’s a collection of older breaches, which underscores the need for better password practices.
It looks like hackers are trying to negotiate the sale of a new cache of user passwords online again. But is it a genuine data breach? A recent report claims that 16 billion passwords are now available due to a ‘record-breaking data breach’, though many in the cybersecurity field dispute its accuracy.
The initial report came from Cybernews, which claimed insight into a breach involving 10 billion passwords last year and 26 billion records before that. This raises eyebrows about the frequency and legitimacy of these breaches.
What appears to be at play is a compilation of previous breaches, likely thrown together into one very large file, rather than a new incident. Bob Diachenko, the researcher cited, indicated that the data comes from various old sources, which together add up to that astonishing 16 billion number. So this isn’t really a new breach but rather a repackaged assembly of data breaches spanning several years.
Cybersecurity experts such as vx-underground have commented on the situation, explaining it isn’t uncommon for data from various hacks to be gathered into such collections.
If you’re concerned about your password security, now is a good time to consider using a password manager and enabling two-factor authentication. To check whether your login details have been compromised, tools like haveibeenpwned.com can be invaluable. Whether or not the growing number of reported breaches turns out to be genuine, it’s imperative to maintain strong, unique passwords to mitigate your risk.