‘Collection #1’ breach exposes a record 773 million email addresses
File photo.(REUTERS/Kacper Pempel)
Did you receive an email this morning informing you that your personal information was exposed in a data breach called Collection #1? You’re not alone, and it’s a reminder to take precautions like enabling two-factor authentication and signing up for apassword manager.
Security researcher Troy Hunt, who runs breach notification site Have I Been Pwned (HIBP), first reported the Collection #1 exposure. The massive trove of leaked data, which was posted to a hacking forum, includes some 772,904,991 unique email addresses and 21,222,975 unique passwords, Hunt said.
“Collection #1 is a set of email addresses and passwords totaling 2,692,818,238 rows,” Huntexplainedin a Thursday blog post. “It’s made up of many different individual data breaches from literally thousands of different sources.”
Hunt said he first caught wind of the breach last week when several people pointed him to a suspicious collection of files on the cloud service Mega. The 87GB collection, which contained more than 12,000 files, has since been removed from Mega, but found its way to a “popular hacking forum,” he wrote.
“My own personal data is in there and it’s accurate; right email address and a password I used many years ago,” Hunt wrote. “If you’re in this breach, one or more passwords you’ve previously used are floating around for others to see.”
Some 768,000 of the 2.2 million people who use Hunt’sfree breach notification serviceare affected by this breach and received an alert. If you don’t use that service, you can easily check if your information was included in the breach byvisiting HIBPand entering your email address.
That tool won’t tell you which, if any, of your passwords leaked, but Hunt does offer a feature that lets you manually check your current passwords against a list of known breached ones. On the HIBP site, click “Passwords” at the top, then enter the password you’re concerned about it (HIBP won’t see your actual password, according to Hunt).
“My hope is that for many, this will be the prompt they need to make an important change to their online security posture,” Hunt wrote. “If you’re in this breach and not already using a dedicated password manager, the best thing you can do right now is go out and get one.”
We here at PCMag have evaluated two dozen of the bestpassword managersto help you choose. Our favorites include Keeper Password Manager & Digital Vault and Dashlane. If you’re short on money, check out our roundup of the best free password managers.