#Collection_1 Data Breach

On 17 January 2019, Troy Hunt (an Australian web security expert) published his discovery of a data breach he called Collection #1. Revealed was a collection of thousands of data breaches all uploaded onto Have I Been Pwned (HIBP). Within Collection #1 were: 772,904,991 identified email addresses and 21,222,975 unique passwords. Hunt was unable to verify the source of the data breach.

“However, what I can say is that my own personal data is in there and it’s accurate; right email address and a password I used many years ago. Like many of you reading this, I’ve been in multiple data breaches before which have resulted in my email addresses and yes, my passwords, circulating in public. Fortunately, only passwords that are no longer in use, but I still feel the same sense of dismay that many people reading this will when I see them pop up again.”
Troy Hunt, 17 January 2019, The 773 Million Record ‘Collection #1’ Data Breach.

Even though Hunt was unable to verify the validity of the breach nor what source was used to gather the account information, he still uploaded the breach into HIBP. Users name may check to see whether or not their information was listed for free on that platform. Hunt cited the fact this information was being distributed on popular hacking forum, and that around 10 million passwords were previously unidentified by the service.

The data breach included so-called “combos” which are pairs of username and passwords that can be used for credential stuffing. This could lead to accounts and other services being affected by this breach.

PLEASE CHANGE YOUR PASSWORDS.