The recent ‘Collection #1’ data breach that leaked 773M accounts is only the tip of the iceberg

Published Jan 18th, 2019 6:50AM EST


Reports earlier this week revealed what’s being referred to as “Collection #1,” an 87GB pile of data that included no fewer than 773 million unique email accounts and more than 21 million different passwords. In total, the database contained some 2.7 billion records, and we already told you how to check whether it contains your email account(s). It turns out that Collection #1 might be part of a series of similar data sets collected from other online breaches, as someone out there has been hoarding all this data and is making it accessible to nefarious actors for just $45.

After security researcher Troy Hunt posted details about Collection #1, a different security researcher you may already know revealed more information on the matter.

Brian Krebs explains that the hacker who’s selling access to the data talked to him over Telegram, sharing proof that the entire database of hacked email addresses and passwords amounts to almost 1TB, which is more than ten times the data in the initial hack.

Krebs said that Collection #1 is not new; it’s about two to three years old. The biggest “Collection” file is actually Collection #2, which amounts to 526GB of data. As one of the screenshots shows, the price for lifetime access is just $45.

What’s worse is that the hacker has access to some 4TB of password packages, which are less than one year old.

Yes, these revelations are scary, but you shouldn’t necessarily panic. If you’ve been doing passwords right, then each online account you own has a unique, hard-to-crack password, and you’re managing everything with a password manager like 1Password. Add to that some password changes over the years, especially once some of the online services you use were hacked, and you should be good. Even if hackers do have your email accounts on record, and even if they have the password for one of your many online accounts, they won’t be able to use it to hack sensitive properties like your online banking accounts, or anything that might help them steal personal details about you.

Image source: KrebsOnSecurity

Of course, not everybody out there cares that much about passwords, which is why people keep using dumb ones, the kind that can be easily guessed. What’s worse is that some people use the same password over and over, which is why these databases are an excellent resource for people looking to steal the identity of others. One password may be enough to crack into a user’s various accounts. And an email account may be more valuable than you think, holding the keys to many online services, as seen in the illustration above.

If you’ve been using bad passwords, there’s still time to fix everything. Start by checking whether your data was compromised, and then start changing your passwords. All. Of. Them.

Read more about Krebs’ findings over at KrebsOnSecurity.

Chris Smith Senior Writer