A monster data leak called Collection #1 has been discovered. Collection #1 contains hundreds of millions of email addresses and tens of millions of passwords. Luckily, the data has been loaded into Have I Been Pwned, so it’s easy to see if you have been affected.
Data leaks seem to be getting more common. In 2015, there was the Ashley Madison leak, and in 2016, there was the AdultFriendFinder leak. However, the biggest so far is the Yahoo data leak, which saw all 3 billion Yahoo users affected. And now this…
Collection #1 Leaks Data Online
As detailed by Troy Hunt of Have I Been Pwned, a monster data leak has recently been doing the rounds. Collection #1 first appeared on MEGA, before being shared on a hacking forum. This means your login credentials may have been exposed to hackers.
New breach: The "Collection #1" credential stuffing list began broadly circulating last week and contains 772,904,991 unique email addresses with plain text passwords (now in Pwned Passwords). 82% of addresses were already in @haveibeenpwned. Read more: https://t.co/BAa3rbgZo4
— Have I Been Pwned (@haveibeenpwned) January 16, 2019
Collection #1 is mostly a compilation of previous data breaches. This means that even if your email address has been targeted, it may be from an old security incident. This hopefully means you’ve already changed your password, as you should do so regularly.
Have You Been Pwned by This Leak?
You can check whether your email address and/or password was leaked using Have I Been Pwned. Just head to the site and type your email address where indicated. You’ll then be informed whether your credentials have been leaked, or, as Hunt puts it, pwned.
If your email and/or password doesn’t show up then you’re fine. However, if it does show up on Have I Been Pwned you should change the password(s) associated with that account immediately. You should also avoid recycling the same password on multiple sites.
Learn to Protect Your Passwords
It’s always disheartening to learn that your credentials have been leaked. However, it’s a good wakeup call to start using better security practices. Always enable 2FA when it’s offered, and consider using a password manager. Here are the best password managers.
Image Credit: Marco Verch/Flickr