Big revelations of sensitive data are nothing new - But when it comes to pure quantity, there is a new challenger: A massive collection of over 772 million hacked accounts was found in a short period of time publicly available on the file sharing service Mega. The collection was named "Collection # 1" by security researcher Troy Hunt, who also runs the Have I Been Pwned service.


Massive data collection found

A massive collection of hacked accounts has been revealed - In an amount that rivals almost all previously found collections: Almost 773 million unique email addresses and over 21 million passwords were revealed. The data collection, which was discussed extensively in a well-known hacker forum, was for a while publicly available on the file sharing service Mega. The only time a collection has been released that rivals its size is Yahoo's incidents in 2013: Two attacks occurred in which 1 and 3 billion users were affected during each occasion.


Discovery and meaning

The collection was discovered by security researcher Troy Hunt. He named it "Collection # 1" after its folder structure. Hunt also runs the Have I Been Pwned service, a tool that allows regular users to see if their accounts have been compromised. On Hunt's website there is also a post which describes more clearly collection and its discovery.

But what does this data collection mean for ordinary users? According to Hunt, compromised accounts will be more vulnerable to credential stuffing - An attack that means hacked accounts are used to access the accounts of other users. This is especially worrying as the collection contains such a large amount of details. In addition to the large amount, 140 million addresses and 10 million passwords were also unique - which means that they do not exist in any of the other databases in Have I Been Pwned.

Do you think your details are in the collection? Test your account at Have I Been Pwned. The service not only shows if your account is found in Collection #1 but also checks other hacked data collections.


By Max Kardos, CYPRO.