Skip to main content

Collection #1 Breach Posts 773 Million Hacked Accounts for Sale

(Image credit: Dave Clark Digital Photo/Shutterstock)

At this point Have I Been Pwned? should probably change its name to “How Badly Have I Been Pwned?” If the sheer number of data breaches occurring daily hasn't done it, the revelation that data related to 773 million accounts has been collected and put up for sale on the Dark Web dispels those delusions of non-pwnage. The breach is being called  Collection #1.

Collection #1 was revealed by “Have I Been Pwned?” creator Troy Hunt on January 17. Hunt said in a blog post that the collection is “a set of email addresses and passwords totaling 2,692,818,238 rows” that is “made up of many different individual data breaches from literally thousands of different sources.” Hunt noted that some of these records are “junk because hackers being hackers, they don't always neatly format their data dumps into an easily consumable fashion.” (The jerks.) But he estimated that 99 percent is legit.

Once he cleaned up the data, Hunt determined that Collection #1 includes:

  •  772,904,991 unique email addresses
  • 21,222,975 unique passwords
  • 1,160,253,228 unique combinations of the two

The files containing these records were publicly available via the Mega cloud service, Hunt said. They’ve since been removed., but that doesn’t mean the information’s no longer available. The files are sure to continue being distributed via less public forums. Nothing from the internet truly disappears no matter how many times it’s taken down.

Hunt said he’s already updated Have I Been Pwned? and its companion Pwned Passwords. Using those services will tell you if your email address (via the former) or password (via the latter) have been compromised. The utilities have also been integrated with tools like Firefox Monitor and 1Password, which should make it easier for people who don’t keep up with cyber security news to see if their credentials were included in this hack. 

The recommended response to finding out your information was found in Collection #1 is the same as it is for every other data breach: change the password of any account using the compromised login data, enable two-factor authentication wherever possible and start using a password manager to help make sure a data breach at one site leaves your accounts with other sites vulnerable.

  • Puntar
    Sure. Let me put my email and password into this website. LOL
    Reply
  • traxxmy
    "Nothing from the internet truly disappears no matter how many times it’s taken down."

    Yeah right. A lot of website review about my apps have gone disappear since Nokia fall. No even available on wayback machine on google cache. Can't even find a snapshot of my apps in Nokia store. Internet stuff will disappear if the host no interested and remove it from the server.
    Reply
  • rbgiantfan
    I agree with PUNTAR - my first reaction was, this is fake news trying to get me to enter my password.
    Reply
  • alowe
    Anything that asks you for your email on the front page is a scam. Be an idiot. Type it in.
    Reply
  • gblack
    Proof reading people....: "...start using a password manager to help make sure a data breach at one site leaves your accounts with other sites vulnerable."
    Reply
  • martinch
    21691778 said:
    Sure. Let me put my email and password into this website. LOL

    21692952 said:
    I agree with PUNTAR - my first reaction was, this is fake news trying to get me to enter my password.

    21693076 said:
    Anything that asks you for your email on the front page is a scam. Be an idiot. Type it in.

    Generally scepticism is a good principal, except that Have I Been Pwned is run by Troy Hunt, a well-respected InfoSec professional who largely makes his living through speaking at conferences and consultation, which somewhat relies on the reputation of things like Have I Been Pwned. A cursory query via a search engine would have revealed how Have I Been Pwned and Pwned Passwords work (e.g. posts by Hunt on security.stackexchange.com), and that they're "known good".
    Reply