
87GB data dump contains 'largest ever' collection of breached credentials
'Collection #1' reveals more than 772 million email addresses

THE LARGEST EVER collection of breached data has been uncovered by security researcher Troy Hunt, and found to contain more than 770 million email addresses and passwords.
Oh, and it was posted on a popular hacking forum last December.
Measuring in at a hefty 87GB, the data dump was dubbed "Collection #1" and according to Hunt, who runs the Have I been Pwned breach notification site, contains a swathe of data sucked up from different breaches and thousands of sources.
"In total, there are 1,160,253,228 unique combinations of email addresses and passwords. This is when treating the password as case sensitive but the email address as not case sensitive. This also includes some junk because hackers being hackers, they don't always neatly format their data dumps into an easily consumable fashion," said Hunt.
He added that unique email addresses totalled 772,904,991, nothing that "this number makes it the single largest breach ever to be loaded into HIBP."
As for unique passwords, Collection #1 contains 21,222,975 of them, even after Hunt cleansed the data if things like fragments of SQL statement.
While Hunt can't confirm all the origins of all the data sources in the list, he did note that he recognised many legitimate breaches listed in it.
This massive data dump is a nasty one as it provides hackers with a place to take data from and use for credential stuffing attacks that basically try and use the pinched passwords and emails to access other services. As ever, people who reuse passwords for multiple services are most at risk.
"People take lists like these that contain our email addresses and passwords then they attempt to see where else they work," said Hunt.
"The success of this approach is predicated on the fact that people reuse the same credentials on multiple services. Perhaps your personal data is on this list because you signed up to a forum many years ago you've long since forgotten about, but because its subsequently been breached and you've been using that same password all over the place, you've got a serious problem."
Hunt recommends a password manager to help negate this risk, but the data dump is also indicative of how common data breaches are and how the data can be collected, collated and then used for nefarious means.
It kind of makes us what to sack off using the internet for a bit, but then all that porn is not going to watch itself. µ
Further reading
INQ Latest
HackerOne coughs up £15k after its own member hacks it
What can a hacker hack if a hacker hacks hackers...
Pablo Escobar's brother launches a foldable phone with aim to blow past Apple
But we doubt people will be lining up to buy it
US charges Russian 'Evil Corp' hackers behind Dridex banking malware
'Prolific' duo netted more than $100m in spree
Plex launches a free, ad-supported Netflix rival
But its library is lacking here in Blighty