Internet Security Tech News

Monster Data Leak Exposes Millions of Passwords

Dave Parrack 17-01-2019

A monster data leak called Collection #1 has been discovered. Collection #1 contains hundreds of millions of email addresses and tens of millions of passwords. Luckily, the data has been loaded into Have I Been Pwned, so it’s easy to see if you have been affected.


Data leaks seem to be getting more common. In 2015, there was the Ashley Madison leak, and in 2016, there was the AdultFriendFinder leak. However, the biggest so far is the Yahoo data leak All 3 Billion Yahoo Users Were Hit by Epic Hack Yahoo originally thought that 1 billion users had been caught up in its security breach of 2013. However, it turns out that all 3 billion Yahoo users were affected. Including you... Read More , which saw all 3 billion Yahoo users affected. And now this…

Collection #1 Leaks Data Online

As detailed by Troy Hunt of Have I Been Pwned, a monster data leak has recently been doing the rounds. Collection #1 first appeared on MEGA, before being shared on a hacking forum. This means your login credentials may have been exposed to hackers.

Collection #1 is mostly a compilation of previous data breaches. This means that even if your email address has been targeted, it may be from an old security incident. This hopefully means you’ve already changed your password, as you should do so regularly.

Have You Been Pwned by This Leak?

You can check whether your email address and/or password was leaked using Have I Been Pwned. Just head to the site and type your email address where indicated. You’ll then be informed whether your credentials have been leaked, or, as Hunt puts it, pwned.


If your email and/or password doesn’t show up then you’re fine. However, if it does show up on Have I Been Pwned you should change the password(s) associated with that account immediately. You should also avoid recycling the same password on multiple sites.

Learn to Protect Your Passwords

It’s always disheartening to learn that your credentials have been leaked. However, it’s a good wakeup call to start using better security practices. Always enable 2FA when it’s offered, and consider using a password manager. Here are the best password managers Is Your Password Manager Secure? 5 Services Compared Unless you have an incredible memory, there's no way you can possibly hope to remember all your usernames and passwords. The sensible option is to use a password manager -- but which is best? Read More .

Image Credit: Marco Verch/Flickr

Related topics: Data Security, Online Security, Password.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. dragonmouth
    January 18, 2019 at 1:07 pm

    Are email addresses ever removed from the HIBP database? If they are, under what circumstances?
    How does HIBP know that an address has been secured?
    If the email address, once it is secured again, is not removed from the HIBP database a false pwned positive will be issued.

    • Fik of the borg
      January 18, 2019 at 4:28 pm

      Just what I was thinking.
      I have just checked my email, and sure enough, it appears in the HIBP database. I panicked for a second until I screolled down and saw that it was listed in the long secured Dropbox breach of 2012.

  2. dragonmouth
    January 17, 2019 at 9:36 pm

    "Data leaks seem to be getting more common."
    Data leaks do not SEEM to be getting more common, they ARE getting more common. I would not be surprised if data leaks and database incursions did not occur on a daily basis. Unfortunately, what has not been getting more common is the disclosure of the leaks to the general public. Only when the leak affects hundreds of millions of users does the public find out. It is understandable that companies are loathe to disclose that their databases have been compromised. However, that makes the general computer users more vulnerable than they already are by not giving them a chance to protect themselves ASAP.

    • Angcf
      January 18, 2019 at 6:24 am

      How to prevent this happen