Collection #1 data dump exposes more than 772 million email addresses
One of the largest data leaks in recent memory strikes just one month into 2019
Renowned security researcher Troy Hunt yesterday revealed that a set of 772 million email addresses and passwords have been posted to a popular hacking forum, a breach he is referring to as Collection #1.
In a blog post, Hunt said he had received warnings from the cybersecurity community last week that the massive 87GB folder containing 12,000 files was available via popular download site MEGA.
Although the platform has since removed the files, they still exist on a popular hacking forum that remains unnamed. A post on the forum described the data as “a collection of 2000+ dehashed databases and Combos stored by topic.”
Collection #1 comprises many different individual data breaches from ‘literally thousands’ of sources, said Hunt, making it the largest single breach ever to be loaded onto Hunt’s “Have I Been Pwned” website, a service that notifies users whenever massive data breaches have occurred.
While Hunt cannot verify the accuracy of all the data, he noted that his own personal data was breached and was accurate.
Hackers can use bots to inject the data into a variety of internet services to fraudulently compromise accounts – in what is known as a credential stuffing attack.
It is recommended that you visit Have I Been Pwned to see if your details have been compromised. Simply enter your email address and Hunt’s service will let you know if you have been affected by this breach or by others.