Collection #1 Breach Posts 773 Million Hacked Accounts for Sale

Credit:  Dave Clark Digital Photo/ShutterstockCredit: Dave Clark Digital Photo/Shutterstock

At this point Have I Been Pwned? should probably change its name to “How Badly Have I Been Pwned?” If the sheer number of data breaches occurring daily hasn't done it, the revelation that data related to 773 million accounts has been collected and put up for sale on the Dark Web dispels those delusions of non-pwnage. The breach is being called  Collection #1.

Collection #1 was revealed by “Have I Been Pwned?” creator Troy Hunt on January 17. Hunt said in a blog post that the collection is “a set of email addresses and passwords totaling 2,692,818,238 rows” that is “made up of many different individual data breaches from literally thousands of different sources.” Hunt noted that some of these records are “junk because hackers being hackers, they don't always neatly format their data dumps into an easily consumable fashion.” (The jerks.) But he estimated that 99 percent is legit.

Once he cleaned up the data, Hunt determined that Collection #1 includes:

  •  772,904,991 unique email addresses
  • 21,222,975 unique passwords
  • 1,160,253,228 unique combinations of the two

The files containing these records were publicly available via the Mega cloud service, Hunt said. They’ve since been removed., but that doesn’t mean the information’s no longer available. The files are sure to continue being distributed via less public forums. Nothing from the internet truly disappears no matter how many times it’s taken down.

Hunt said he’s already updated Have I Been Pwned? and its companion Pwned Passwords. Using those services will tell you if your email address (via the former) or password (via the latter) have been compromised. The utilities have also been integrated with tools like Firefox Monitor and 1Password, which should make it easier for people who don’t keep up with cyber security news to see if their credentials were included in this hack. 

The recommended response to finding out your information was found in Collection #1 is the same as it is for every other data breach: change the password of any account using the compromised login data, enable two-factor authentication wherever possible and start using a password manager to help make sure a data breach at one site leaves your accounts with other sites vulnerable.