- A massive collection of email addresses and passwords was leaked online in a data breach known as “Collection #1.”
- It appears the data didn’t come from a single source, site, or company but is an aggregation that includes cracked passwords.
- You can check whether you’ve been affected on the website Have I Been Pwned.
A massive database containing 772,904,991 unique email addresses and more than 21 million unique passwords was recently posted to an online hacking forum, according to Wired.
The breach was first reported by Troy Hunt of the security site Have I Been Pwned, which lets you check whether your email and passwords have been compromised and which sites your information was leaked from.
According to Wired, the breach, called “Collection #1,” doesn’t appear to originate from one source. Rather, it is an aggregation of 2,000 leaked databases that include cracked passwords, meaning the protective layer that scrambles or “hashes” a password to keep it from being visible has been broken, and the passwords are presented in a usable form on hacking forums.
Data in Collection #1 wasn’t put up for sale, as the data in many leaks is. It was first hosted on a popular cloud hosting site called Mega before being taken down, then posted on a public hacking site.
Collection #1 is among the largest data breaches in history, second only to Yahoo’s hack that affected as many as 3 billion users.
How to check whether you’re affected
One way to see if your email address or passwords have been included in Collection #1 is to check them on HaveIBeenPwned.com. The site’s founder, Troy Hunt, is a web security expert and educator who is well known in the technology security community.
Using HaveIBeenPwned.com involves typing in your email address and checking your password to see if it’s been seen in data breaches. If typing your email address or passwords into this site makes you uncomfortable, you could simply assume that your info is available in the Collection #1 database and change your password on any account you have.
Once at the site, enter your email address. You can then scroll down and see whether your data was included in the Collection #1 leak.
There’s no easy way of finding out what information of yours is in the Collection #1 leak.
What you can do is head over to the “passwords” tab on the top of the Have I Been Pwned website and type in any passwords you can remember, especially those you use across different sites. If one has been “seen,” it’s time to change it on sites where you use it and stop using it altogether.
When you check on the website whether your email is part of the Collection #1 data, you’ll also likely see sites where you have accounts that were breached in the past. If you haven’t already changed your password on those sites, you should go ahead and do that.
And if you’ve been meaning to use a password manager like 1Password or LastPass, now is the time to sign up for one. Password managers make it easy to generate strong unique passwords for individual sites and accounts. Since the passwords generated by password managers are typically difficult to remember, the manager stores them so you can access them whenever you want to log in to a site.