Over 772 million email addresses leaked in 'Collection #1' data breach

MANILA, Philippines – Troy Hunt, the proprietor of the Have I Been Pwned data breach notification service, announced another major data breach on Thursday, January 17, that leaked over 772 million email addresses and more than 21 million unique passwords.

According to Hunt, the information in the data trove – which formally listed 772,904,991 unique email addresses and 21,222,975 unique passwords appears to have been made up of different data breaches and different sources, with some of the information going as far back as 2008.

The trove, colloquially known as "Collection #1," was found on file-sharing service MEGA, which has taken the information down but not before it was shared on a hacking forum. It was 87GB in size and made of more than 12,000 files.

Hunt has loaded the information onto Have I Been Pwned so those not subscribed to Hunt's notification service can check the site to see if their email address was hit by the data breach. At the same time, 768,000 people who do subscribe to the automated notifications have already been told their information was breached.

Those worried about their email address or password can also check the subsite Pwned Passwords to confirm if a password they currently use has been compromised, thus boosting the need to set up a new password.

Those interested in securing their accounts will want to take Hunt's advice in his blog post and consider using a password manager and a strong, unique password for each online account you manage, in addition to enabling two-factor authentication where available. – Rappler.com

Victor Barreiro Jr.

Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.

image