The Inquirer

87GB data dump contains 'largest ever' collection of breached credentials

'Collection #1' reveals more than 772 million email addresses

Collection #1 is chock full of info swiped in data breaches
  • Roland Moore-Colyer
  • @RolandM_C
  • 17 January 2019

THE LARGEST EVER collection of breached data has been uncovered by security researcher Troy Hunt, and found to contain more than 770 million email addresses and passwords.

Oh, and it was posted on a popular hacking forum last December.

Measuring in at a hefty 87GB, the data dump was dubbed "Collection #1" and, according to Hunt, who runs the Have I Been Pwned breach notification site, contains a swathe of data sucked up from different breaches and thousands of sources.

"In total, there are 1,160,253,228 unique combinations of email addresses and passwords. This is when treating the password as case sensitive but the email address as not case sensitive. This also includes some junk because hackers being hackers, they don't always neatly format their data dumps into an easily consumable fashion," said Hunt.

He added that unique email addresses totalled 772,904,991, noting that "this number makes it the single largest breach ever to be loaded into HIBP."

As for unique passwords, Collection #1 contains 21,222,975 of them, even after Hunt cleansed the data of things like fragments of SQL statements.

While Hunt can't confirm all the origins of all the data sources in the list, he did note that he recognised many legitimate breaches listed in it.

This massive data dump is a nasty one as it provides hackers with a place to take data from and use for credential stuffing attacks that basically try and use the pinched passwords and emails to access other services. As ever, people who reuse passwords for multiple services are most at risk. 

"People take lists like these that contain our email addresses and passwords then they attempt to see where else they work," said Hunt.

"The success of this approach is predicated on the fact that people reuse the same credentials on multiple services. Perhaps your personal data is on this list because you signed up to a forum many years ago you've long since forgotten about, but because it's subsequently been breached and you've been using that same password all over the place, you've got a serious problem."

Hunt recommends a password manager to help negate this risk, but the data dump is also indicative of how common data breaches are and how the data can be collected, collated and then used for nefarious means.
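On the service side, credential stuffing shows up in login logs as one source trying many different accounts and mostly failing, rather than hammering a single account. The following is an added example, not part of the original article, that flags that pattern in constructed sample log lines; the log format, thresholds and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample auth log (not real data); the line format is an assumption.
SAMPLE_LOG = """\
2019-01-17T10:00:01Z ip=203.0.113.7 user=alice@example.com result=fail
2019-01-17T10:00:02Z ip=203.0.113.7 user=bob@example.com result=fail
2019-01-17T10:00:03Z ip=203.0.113.7 user=Carol@Example.com result=fail
2019-01-17T10:00:04Z ip=203.0.113.7 user=carol@example.com result=ok
2019-01-17T10:00:05Z ip=203.0.113.7 user=dave@example.com result=fail
2019-01-17T10:00:06Z ip=203.0.113.7 user=erin@example.com result=fail
2019-01-17T10:02:00Z ip=198.51.100.9 user=frank@example.com result=fail
2019-01-17T10:02:09Z ip=198.51.100.9 user=frank@example.com result=fail
2019-01-17T10:02:20Z ip=198.51.100.9 user=frank@example.com result=ok
this line is junk and is skipped
"""

LINE_RE = re.compile(r"^\S+ ip=(\S+) user=(\S+) result=(ok|fail)$")

def parse(log_text):
    """Yield (ip, account, succeeded) for each well-formed line, skipping junk."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            # Email addresses are compared case-insensitively, so fold case.
            yield m.group(1), m.group(2).lower(), m.group(3) == "ok"

def find_stuffing(log_text, min_accounts=5, min_fail_ratio=0.7):
    """Flag sources that try many distinct accounts and mostly fail."""
    # Thresholds are illustrative assumptions and need tuning per service.
    stats = defaultdict(lambda: {"accounts": set(), "fails": 0, "total": 0, "hits": set()})
    for ip, account, ok in parse(log_text):
        s = stats[ip]
        s["accounts"].add(account)
        s["total"] += 1
        if ok:
            s["hits"].add(account)  # candidate for a forced password reset
        else:
            s["fails"] += 1
    flagged = {}
    for ip, s in stats.items():
        ratio = s["fails"] / s["total"]
        if len(s["accounts"]) >= min_accounts and ratio >= min_fail_ratio:
            flagged[ip] = {"accounts": len(s["accounts"]),
                           "fail_ratio": round(ratio, 2),
                           "succeeded": sorted(s["hits"])}
    return flagged

if __name__ == "__main__":
    print(find_stuffing(SAMPLE_LOG))
```

The second source in the sample, a single user retrying their own password, is not flagged because it touches only one account.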

It kind of makes us want to sack off using the internet for a bit, but then all that porn is not going to watch itself. µ
