"Collection #1" Data Breach

One of the largest collections of breached data to date, comprising millions of email addresses and other personal details, has been exposed on the web. Known as “Collection #1”, it was discovered by security researcher Troy Hunt, who maintains the website Have I Been Pwned, where you can check whether your account has been compromised in this or other data breaches.

The details:

Hunt sifted through more than 87 GB of data and identified a total of 772,904,991 unique email addresses and 21,222,975 unique passwords. You can read more about the findings in his blog post The 773 Million Record "Collection #1" Data Breach.

What we recommend you do:

  • Check your email address(es) at haveibeenpwned.com/ to see if you’ve been included in the “Collection #1” breach or any others. If so, change your password(s) now.

  • Take care to never reuse the same password on multiple sites. If you have, change those duplicates now. Password managers can help you keep track of all your passwords. Brown is investigating a possible enterprise-wide solution.

  • You may also want to check whether your new password (or any of your existing ones) has been exposed somewhere. You can do this at haveibeenpwned.com/Passwords.

  • Gmail and most apps and online accounts offer two-factor authentication, so enable it now wherever possible.

  • Finally, some have noted that the breached data is probably quite old (see Brian Krebs' post 773M Password 'Megabreach' is Years Old), and that the information is limited to email addresses and passwords (i.e., no credit card details or health records). While it is possible that the breach contains legitimate passwords, if you have been diligent about refreshing yours or have created them recently, you can probably relax and breathe a sigh of relief about this particular 'megabreach'.


Written by pfalcon@brown.edu on