Nearly 800M email records exposed in massive data breach

A massive data breach dubbed “Collection #1” exposed nearly 800 million email addresses and millions of passwords. Security expert Troy Hunt was alerted of the leaked data that was available for free download from popular MEGA cloud storage service. The data consisted of over 12,000 separate files and more than 87GB of data.

According to Hunt, some hacking forum posts suggest the breached data (since removed from the MEGA service) may have originated from over 2000 hacked databases. He also performed some analysis to help provide clues as to the alleged origins of each of the data breaches.

Here’s a breakdown of what Hunt found from the “Collection 1” data trove:

  • 773 million (772,904,991) email addresses
  • 1,160,253,228 unique combinations of email addresses and passwords
  • 2,692,818,238 rows in total that consist of email and passwords from thousands of data sources.

A screenshot of the Collection 1 root folder was also posted by Hunt:

Source: Troy Hunt

The email addresses were also uploaded to his Have I Been Pwned (HIBP) service, to help users check on whether their email addresses were breached.

Users are encouraged to use unique passwords on different sites and change passwords consistently. Two factor (or multi-factor) authentication is also strongly encouraged to mitigate potential threat of stolen passwords.

Hunt further recommends users get a password manager to store your passwords more securely and added: “The only secure password is the one you can’t remember.”