Over 87GB of email addresses and passwords exposed in Collection 1 dump

An 87GB dump of email addresses and passwords containing almost 773 million unique addresses and just under 22 million unique passwords has been found.
Written by Asha Barbaschow, Contributor
Image: Troy Hunt

Almost 773 million unique email addresses and just under 22 million unique passwords were found to be hosted on cloud service MEGA.

In a blog post, security researcher Troy Hunt said the collection totalled over 12,000 separate files and more than 87GB of data.

The data, dubbed Collection #1, is a set of email addresses and passwords totalling 2,692,818,238 rows that has allegedly come from many different sources.

"What I can say is that my own personal data is in there and it's accurate; right email address and a password I used many years ago," Hunt wrote. "In short, if you're in this breach, one or more passwords you've previously used are floating around for others to see."

Some passwords, including his own, have been "dehashed", that is converted back to plain text.

Hunt said he gained the information after multiple people reached out to him with concerns over the data on MEGA, with the Collection #1 dump also being discussed on a hacking forum. 

"The post on the forum referenced 'a collection of 2000+ dehashed databases and Combos stored by topic' and provided a directory listing of 2,890 of the files," Hunt wrote. 

The collection has since been removed.

You can use Hunt's Have I Been Pwned service to see if your information has been exposed.


Hackers breach and steal data from South Korea's Defense Ministry

Government says hackers breached 30 computers and stole data from 10.

Brute force and dictionary attacks: A guide for IT leaders

Brute force and dictionary attacks can threaten encrypted databases, password-protected documents, and other secure data, putting corporate assets at great risk. This ebook explains how the attacks work..

Employees sacked, CEO fined in SingHealth security breach

Two staff members have been fired for negligence and five senior management executives, including the CEO, were fined for their "collective leadership responsibility" in Singapore's most serious security breach, which compromised personal data of 1.5 million SingHealth patients.

Marriott sued hours after announcing data breach

One class-action lawsuit is seeking $12.5 billion in damages.

Amazon leaks users' email addresses due to 'technical error'

Company has notified today all impacted customers.

Why 31% of data breaches lead to employees getting fired (TechRepublic)

North America is the region where C-Suite leaders are most likely to be blamed for a breach.

Editorial standards