2.7 Billion Passwords Have Leaked in a Massive Breach

Over the past few years, data breaches have become more and more common, and that is a scary fact. Almost all our data now lives online, and a breach could mean having your data leaked to anyone.

However, no data breach compares to the magnitude of data leaked by the largest breach in history, namely Collection#1.


Collection#1 is the name given to a data set of email addresses and passwords spanning over 2,692,818,238 (2.69 billion) rows. The data is made up of previous data breaches and thousands of other sources.

Troy Hunt, who initially revealed the breach on his own website, said that he was contacted by multiple people about a folder on a file-sharing site called MEGA. The root folder in the directory was named “Collection#1”.

The original data consisted of over 12,000 files and 87GB of data. All in all, there are about 773 million unique records in the database, 140,000,000 email addresses, and 10,000,000 passwords.

What’s also shocking is that all this data wasn’t tucked away in some corner of the dark web. It was openly available on a popular file-sharing website and then got uploaded to a hacking forum.

It was open to everyone, and anyone could have grabbed the data. Moreover, in data breaches like these the passwords are usually in hashed form, but in this leak the majority were in plain text.

Does it affect you?

According to Troy Hunt, none of these unique records had been seen in the Have I Been Pwned database before.

For those unaware, Have I Been Pwned is a website where you enter your email address and you can check whether your account has ever been compromised in a data breach or not.

Since the email addresses in this massive leak were not in the Have I Been Pwned database, there was no way to check where the breach took place. However, the database has now been updated and you can visit the website for yourself to check whether your account has been compromised or not.

How Can You Protect Yourself?

Your first step should be to check whether your email has been compromised. If it has, you should ideally change your passwords, though that is not a feasible solution (depending on the number of breaches). What you can do is secure your account for the future.

Always enable two-factor authentication wherever possible. It’s the single best thing you can do to secure your account, and it makes sure that even if your email and password do get compromised, nobody will be able to get inside your account. Have I Been Pwned also recommends using 1Password, a password storage service that generates strong passwords for you to use on websites.

You can read the complete report here.

        • You may have been a step too late. Already in a compromised state BEFORE you went to two step.

          Change your password/s now. Change it/them on a regular basis, make this exercise a part of your regular computer clean up and housekeeping.

          Make your passwords strong ones, then go to the two step verification process. These steps would give you added security.

            • Then it is hard to imagine how two step security failed you. Have you figured it out, how it came about? There must be a logical explanation. Your computer may have been compromised, someone logged onto it without you knowing it. Maybe through an email or a ‘free’ app?

    • Your hotmail may be safe due to 2-step verification, but you may be using the same email address on other websites.

    • Good point. I agree with you, they should go back to the Disqus platform. Disqus is far more flexible, popular and will attract more visitors and make this place interesting with varied opinions and ideas.
