‘Collection 1’ breach exposes 773M unique emails, 21M passwords

The large collection of files on the MEGA cloud service that exposed nearly 773 million unique emails and 21 million unique passwords, and that was posted on a hacking forum, came from a number of breaches and sources, according to security researcher Troy Hunt, who dubbed the breach “Collection 1.”

Hunt, who cleaned up the data and included it on his Have I Been Pwned site, notes it has since been removed from MEGA.

"Yet again, we are seeing a breach of proportions that were unimaginable only a few years ago," said Stan Lowe, Zscaler’s Global CISO. "We are becoming immune to such incidents, accepting that this kind of thing is now part of our daily lives, and there is where the danger lies."

Referencing Joseph Stalin, who said “A single death is a tragedy; a million deaths is a statistic,” Lowe maintained, “We cannot and must not become complacent in the case of such breaches, accepting that this is just another security statistic to be added to end of year reports with the headline 'The worst year ever.'”

The Collection #1 breach is composed of “a set of email addresses and passwords totaling 2,692,818,238 rows,” Hunt wrote in a blog post, explaining that the total number of unique combinations of emails and passwords is more than 1.16 billion.

“This also includes some junk because hackers being hackers, they don't always neatly format their data dumps into an easily consumable fashion,” he said.

The data includes "dehashed" passwords that Hunt said “have been cracked and converted back to plain text,” confirming that he found his own information - exposing old passwords - within the dataset. 

After receiving a tip from one of his contacts, Hunt found the “data was being socialised” on a popular hacking forum. 

Calling Collection 1 a “colossal breach,” Will LaSala, director of security solutions, security evangelist at OneSpan, said for “criminals trading assets in underground forums, data from this breach could easily be cross-referenced with information lying elsewhere to bypass authentication. For the more high-risk accounts like banking accounts, this poses a very real fraud threat.”

The breach should “highlight the need for security reach beyond the password,” LaSala said, urging those impacted to “act fast to change any reused passwords, as the exposed credentials can be used by criminals in credential stuffing attacks to cause maximum damage across multiple other accounts.”

Zscaler’s Lowe contended it’s time to “start thinking about cybersecurity differently. Our economic future depends on it.”
