
Over 772 million emails compromised in massive data breach


There are data breaches, and then there's the whole damn wall coming down, Equifax-style. And now, the one breach to rule them all - so far. A new cache of leaked data posted to a hacking forum is a real record breaker. Known as Collection #1, it contains an amazing 772,904,991 unique email addresses and over 21 million unique passwords, in plain text for all to see.

The hacked data was first brought to light by security researcher Troy Hunt. Hunt runs Have I Been Pwned, a popular website which lets you check whether your own email or password has been compromised by any breach. And the odds are very, very high that it has.

According to Hunt, Collection #1 is the largest single collection of hacked details, and while a record breaker, it's worth noting that it's a compilation, a kind of master list aggregated from many smaller breaches, some dating back to 2015. The 772 million number doesn't count all the duplicate details Hunt scrubbed from the list (which included some of his own credentials) before uploading it to Have I Been Pwned.

Collection #1 as shown on Troy Hunt's site. / © Troy Hunt (Screenshot)

The original data collection had a staggering 2.7 billion rows of email addresses and passwords, including over a billion unique combinations of email addresses and passwords. Given that it is said to be widely circulated on hacker forums and was available on file-sharing site MEGA, there's a good chance that if you made the list, someone is going to abuse your credentials.

What is my data being used for?

A master list like this is most likely a resource designed for use in 'credential-stuffing' attacks, in which hackers run an automated process that spams email and password combinations at an online service until it gets in. If you reuse passwords on different Internet services, then one cracked login combination will be tried with other services too.
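What that traffic looks like from the service's side, as an added example that is not part of the original article: a sketch that separates credential stuffing (one source, many accounts, one or two tries each) from repeated guessing against a single account. The log tuples, thresholds and function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, account, outcome). Not real data.
SAMPLE_LOG = (
    [("203.0.113.7", f"user{i}@example.com", "fail") for i in range(5)]
    + [("203.0.113.7", "dave@example.com", "ok")]
    + [("198.51.100.20", "bob@example.com", "fail")] * 4
    + [("192.0.2.10", "carol@example.com", "fail"),
       ("192.0.2.10", "carol@example.com", "ok")]
)


def classify_sources(events, min_accounts=5, max_tries=2, min_fail_ratio=0.8):
    """Label each source IP by the shape of its login attempts.

    Thresholds are illustrative assumptions, not tuned values.
    """
    per_ip = defaultdict(lambda: defaultdict(list))
    for ip, account, outcome in events:
        per_ip[ip][account].append(outcome)

    verdicts = {}
    for ip, accounts in per_ip.items():
        outcomes = [o for tries in accounts.values() for o in tries]
        fail_ratio = outcomes.count("fail") / len(outcomes)
        most_tries = max(len(tries) for tries in accounts.values())
        mostly_failing = fail_ratio >= min_fail_ratio
        if mostly_failing and len(accounts) >= min_accounts and most_tries <= max_tries:
            # Wide and shallow: a list of leaked pairs replayed once each.
            verdicts[ip] = "credential-stuffing"
        elif mostly_failing and most_tries > max_tries:
            # Narrow and deep: many guesses against the same account.
            verdicts[ip] = "single-account-guessing"
        else:
            verdicts[ip] = "normal"
    return verdicts


def accounts_to_reset(events, verdicts):
    """Accounts a stuffing source logged in to: the reused password worked."""
    return sorted({account for ip, account, outcome in events
                   if verdicts.get(ip) == "credential-stuffing" and outcome == "ok"})


if __name__ == "__main__":
    verdicts = classify_sources(SAMPLE_LOG)
    print(verdicts)
    print(accounts_to_reset(SAMPLE_LOG, verdicts))
```

The single success hidden among the failures is the account whose owner reused a leaked password, which is why it is the one flagged for a forced reset.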

What to do?

Well, first up, go to Have I Been Pwned and check your email there to find out if you've been compromised. Then change your password. Or better yet, the prevention being better than the cure, use a dedicated password manager instead of re-using passwords manually. We've recommended Dashlane, but there are other options, including 1Password (partnered with Have I Been Pwned) and LastPass.


Have you been affected by the data breach? What steps do you recommend for online personal security?

Source: Troy Hunt

Nicholas Montegriffo

1 Comment

  • 49
    storm Jan 18, 2019 Link to comment

    The new content in this breach is not huge. Most of this is a compilation of earlier breaches. The pwned website also has a password checker. My emails are in the lists, but none of my passwords are. Just checking my email addresses is no longer useful as I know they're out there already.