Massive ‘Collection #1’ Breach Exposes 773 Million Emails, 21 Million Passwords

This is bad


Privacy and convenience

We generally need two variables to get an account online: Your email address and a password. These are used to identify you and they are usually stored securely on servers and we are only left to trust that these companies keep these crucial information safe from harmful third parties.

However, this never goes according to plan. We have seen countless stories of massive data breaches which leak email addresses and passwords to the dark web. Such info is either used to login to accounts or sold off to unscrupulous individuals in the dark web.

This latest breach compounds to the numerous breaches that are unfortunately revealed long after they happened. Troy Hunt, founder of Have I Been Pwned wrote a post detailing a huge breach that was directed to him by a number of people.

He calls this breach Collection #1 and the statistics around it are insane. It is 87GB in size, has 772,904,991 unique email addresses, 21,222,975 unique passwords and 1,160,253,228 unique combinations of email addresses and passwords.

Hunt says that he found his own personal data in the data dump, an email address and a password he used many years ago. “If you’re in this breach, one of more passwords you’ve previously used are floating for others to see,” he continues.

The 21 million passwords from Collection #1 have been added to the Pwned Passwords database, which has brought the total number of unique passwords to over 551 million. You can check whether your email address has been leaked by clicking here and if you want to check whether your passwords have been leaked, click here.

They give you a good idea of what email addresses or passwords you should stop using and either use new ones or use a password manager. It is quite sad that people still use dumb passwords even today and that has to change in 2018.


  1. Could you PLEASE stop asking people to go check their emails on the so called email checker!? ( That is allowing people to have their emails collected for free, without any effort for the people on the other end!!! Even worse if they actually put their passwords, and the collectors relate or tie an email and a password to a single browser together since they are definitely tracking the user on their end!!

Comments are closed.