“Collection #1” was found on the MEGA cloud service
Troy Hunt, security researcher and owner of the Have I Been Pwned service, discovered an unprotected folder containing almost 773 million unique email addresses and more than 21 million encrypted passwords.
The data was discovered after several people reached out to Troy, pointing him to a popular hacking forum where the data was being socialized. The root folder is called Collection #1 (that’s where the name of the breach came from).
The forum post referenced a collection of 2000+ dehashed databases and combos stored by topic. The origin of the data remains unclear; however, Hunt found that some of the passwords and email addresses he had used in the past were present in the database, and the data was accurate.
A few hours after the discovery, MEGA took Collection #1 down from its service.
If your data is in the database, your email address and password will be circulating in public. You can find out whether that is the case by using Hunt’s service, Have I Been Pwned.
There are more than a billion unique combinations of email addresses and passwords, although some of the data was dismissed because of the way hackers store their findings. If you find yourself in the HIBP database, you should change the password immediately, since it is now open for others to see.
Collection #1 seems very random.
“It just looks like a completely random collection of sites purely to maximize the number of credentials available to hackers. There’s no obvious patterns, just maximum exposure” – said Troy.
Credential stuffing is a popular technique used by hackers that relies on users keeping the same password for all their accounts. After obtaining a user’s credentials, a hacker can try to log in to any of that user’s accounts with the same data, which is why it is highly recommended to change your passwords frequently and to use a password manager for additional security.
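On the defending side, credential stuffing shows up in login logs as one source trying many different accounts only once or twice each. The sketch below is an added example, not part of the original article: it flags that pattern and lists the accounts that were successfully logged into and need a password reset. The log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (timestamp, source IP, account, result); not real data.
SAMPLE_LOG = """\
2019-01-17T10:00:01 203.0.113.7 alice@example.com FAIL
2019-01-17T10:00:02 203.0.113.7 bob@example.com FAIL
2019-01-17T10:00:03 203.0.113.7 carol@example.com OK
2019-01-17T10:00:04 203.0.113.7 dave@example.com FAIL
2019-01-17T10:00:05 203.0.113.7 erin@example.com FAIL
2019-01-17T10:01:00 198.51.100.4 bob@example.com FAIL
2019-01-17T10:01:01 198.51.100.4 bob@example.com FAIL
2019-01-17T10:01:02 198.51.100.4 bob@example.com FAIL
2019-01-17T10:01:03 198.51.100.4 bob@example.com FAIL
2019-01-17T10:01:04 198.51.100.4 bob@example.com FAIL
2019-01-17T10:02:00 192.0.2.10 frank@example.com FAIL
2019-01-17T10:02:09 192.0.2.10 frank@example.com OK
"""

def parse(log):
    """Yield (time, ip, account, succeeded) tuples from the log text."""
    for line in log.strip().splitlines():
        ts, ip, account, result = line.split()
        yield datetime.fromisoformat(ts), ip, account, result == "OK"

def find_stuffing(log, window=timedelta(minutes=5), min_accounts=5, max_tries=2):
    """Flag source IPs that try many distinct accounts, a few times each,
    inside one sliding window. Thresholds are illustrative assumptions."""
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[1]].append(event)
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end, (now, *_rest) in enumerate(events):
            while now - events[start][0] > window:
                start += 1
            chunk = events[start:end + 1]
            tries = Counter(account for _, _, account, _ in chunk)
            if len(tries) < min_accounts or max(tries.values()) > max_tries:
                continue  # too few accounts, or hammering one account (brute force)
            if len(tries) > findings.get(ip, {}).get("accounts", 0):
                hit = sorted({a for _, _, a, ok in chunk if ok})
                findings[ip] = {"accounts": len(tries), "needs_reset": hit}
    return findings

if __name__ == "__main__":
    print(find_stuffing(SAMPLE_LOG))
```

The repeated guesses against a single account from 198.51.100.4 and the ordinary mistyped login from 192.0.2.10 are deliberately not flagged; they call for different controls such as per-account lockout.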