Collection #1: The Monster Breach

Data breaches have become a fact of life that can no longer be ignored. A fair number of articles on this publication have dealt with breaches in their varying forms: from the record-breaking Equifax breach, which was unrivaled in scale, to how much cash can be made by hackers selling data acquired from a breach (1.7 million USD, for those interested), and even the consequences facing companies that are breached. While the Equifax breach set all kinds of records for all the wrong reasons, the news surfacing about “Collection #1” smashes all those nefarious records.

On January 17, 2019, security researcher Troy Hunt published an article detailing the discovery of email addresses and passwords exposed online. Mr. Hunt has called the breach “Collection #1” and the numbers are truly staggering. It consists of email addresses and passwords totaling 2,692,818,238 rows. In total, there are 1,160,253,228 unique combinations of email addresses and passwords, with unique email addresses totaling 772,904,991. Then there are 21,222,975 unique passwords. It took the writer three read-throughs to try to make sense of the numbers, and they are still unfathomable.

In total there is approximately 87GB of data in over 12,000 folders, which was initially discovered on the cloud service Mega. It is yet to be determined where exactly all the data originated, if it is even possible to determine that accurately at all. However, it is claimed to be a massive collection of over 2,000 leaked databases that contain passwords whose protective hashing has been cracked. Protective hashing is the process by which stored passwords are converted into cryptographic hashes: random-looking strings of characters into which the passwords have been mathematically transformed to prevent them from being easily discernible.

Password hashing has many advantages, one being that if a hacker steals the hashed password, the random-looking data cannot be directly reversed to the text the user entered when creating the password. It is not unbreakable, though. Large databases of precomputed hashes already exist that can be used to find the input behind stolen password hashes. Once a hash has been cracked, the email and password combinations can be used in credential stuffing attacks. These attacks rely on attackers essentially throwing email and password combinations at a given site or service. The process is generally automated and preys on individuals who use the same password for multiple websites.
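The difference between a hash that a precomputed database can resolve and one it cannot comes down to how the site stored the password. The sketch below is an added example, not code from the article or from Troy Hunt: the wordlist, users and function names are constructed for illustration, and PBKDF2 stands in for whichever slow, salted scheme a site actually uses.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny wordlist standing in for a precomputed
# hash database, and two constructed users who chose the same password.
WORDLIST = ["123456", "password", "qwerty", "letmein"]
USERS = {"alice@example.com": "qwerty", "bob@example.com": "qwerty"}


def unsalted_sha1(password):
    """Weak storage: a single fast hash with no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_pbkdf2(password, salt, rounds=200_000):
    """Stronger storage: per-user random salt and a deliberately slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()


def verify(password, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_pbkdf2(password, salt), stored)


def exposed_by_table(stored_hashes):
    """Return the accounts whose stored hash appears in the precomputed table."""
    table = {unsalted_sha1(word): word for word in WORDLIST}
    return {user: table[h] for user, h in stored_hashes.items() if h in table}


def demo():
    weak = {u: unsalted_sha1(p) for u, p in USERS.items()}
    salts = {u: os.urandom(16) for u in USERS}
    strong = {u: salted_pbkdf2(p, salts[u]) for u, p in USERS.items()}
    return {
        "weak_exposed": exposed_by_table(weak),        # both accounts resolve
        "strong_exposed": exposed_by_table(strong),    # nothing resolves
        "same_weak_hash": len(set(weak.values())) == 1,
        "same_strong_hash": len(set(strong.values())) == 1,
        "login_ok": verify("qwerty", salts["alice@example.com"],
                           strong["alice@example.com"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

With unsalted hashes, two users who share a password also share a stored value, so one table hit exposes both; the per-user salt removes that property while normal login verification still works.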

Could You Be Affected?

Given the sheer amount of data which has been exposed online, assuming you will not be affected may be foolish. This is an incredibly serious security concern even though it seems no other data, like credit card details and identification numbers, were leaked. Luckily, Troy Hunt is the creator of the website Have I Been Pwned, which allows anybody to search whether their own email or password has been compromised by a breach at any point. Currently, all the 87GB of data discovered has been loaded onto the website. Simply enter your email address and hope. If you have had your email exposed online there are measures you can take, the first being to change your password and to use more than one. This may seem like a chore but is better than struggling with the ramifications of identity theft.
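For the password half of that check, Have I Been Pwned's Pwned Passwords service can be queried without sending the password itself: the client sends only the first five hex characters of the password's SHA-1 and matches the rest locally. The following is an added example, not code from the article or from Have I Been Pwned; the range endpoint and its `SUFFIX:COUNT` response format are not described on this page, the function names are hypothetical, and the sample response and its counts are constructed so the block runs offline.

```python
import hashlib

# Pwned Passwords range endpoint; only a 5-character hash prefix is appended.
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(password):
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def request_url(password):
    """URL a client would fetch; it carries the 5-character prefix only."""
    return RANGE_URL + split_hash(password)[0]


def times_seen(password, range_body):
    """Match the local 35-character suffix against 'SUFFIX:COUNT' lines."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.strip().isdigit():
            return int(count)
    return 0  # suffix absent: not in the corpus for this prefix


def constructed_body(entries):
    """Constructed stand-in for a server response (CRLF-separated lines)."""
    return "\r\n".join(f"{split_hash(p)[1]}:{n}" for p, n in entries.items())


# Constructed sample response; the counts are made up for the example.
SAMPLE_BODY = constructed_body({"qwerty": 1200, "letmein": 340, "hunter2": 7})

if __name__ == "__main__":
    for candidate in ("qwerty", "correct horse battery staple 2019"):
        print(request_url(candidate), "->", times_seen(candidate, SAMPLE_BODY))
```

In real use the response body would come from fetching `request_url(password)`; any non-zero count means the password should be retired everywhere it is used.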

What users can also do is download one of the numerous password manager software packages available. A password manager provides you with a secure vault for all your passwords to be stored. Many products also allow credit card and banking information to be stored securely along with your passwords. The sole purpose of such software is to keep passwords safe. Another advantage of password managers is that they actually make logging into websites and apps easier. They are one of the few exceptions to the rule that adding more security to things makes life more difficult.

Overall Impact of Collection #1

One of the more troubling characteristics of this breach (though it can be argued the entire affair is troubling) is that Mr. Hunt reported that around 140 million email accounts and over 10 million unique passwords in Collection #1 are new to Hunt’s database. This means they are not duplicates from other breaches; duplicating data is a tactic hackers use to trump up the numbers and entice buyers. Also, this data was freely available, whether on Mega, from which it has subsequently been removed, or on popular hacking forums.

As the passwords were all in plain text, another warning siren should be going off in readers’ heads. Hunt explains,

“These are all plain text passwords. If we take a breach like Dropbox, there may have been 68 million unique email addresses in there, but the passwords were cryptographically hashed making them very difficult to use,”

This shows that those behind the breach have technical prowess and have simultaneously made the data easier for script kiddies, inexperienced hackers with little technical knowledge, to abuse.

As mentioned above, to make your online security more robust it is advised to use a password manager. Users are further advised to use two-factor authentication where possible. And please do not use the same password for every website you subscribe to, pay for, or simply use free features of. It is important to also remember that no security measure is unbreakable. Users should focus on making things as difficult as humanly possible for hackers. If it is too difficult to break, it is often not worth the effort.

About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications.
