Last week, an enormous database of email addresses and passwords was publicly exposed on the internet, leaving hundreds of millions of people vulnerable to fraud, scams, and hacking attempts. The database, known as “Collection #1,” could be the largest recorded public data breach in history.
First reported by cybersecurity expert Troy Hunt, Collection #1 contains 772,904,991 unique email addresses and 21,222,975 passwords. The database was uploaded to MEGA, a cloud storage service (it has since been taken down), and subsequently uploaded to hacker forums on the dark web. The database appears to contain login information from more than 2,000 websites.
Much of the data may have been collected from earlier data breaches, though Hunt said that 140 million of the email addresses had not previously been exposed. Collection #1 also contained over 21 million unique passwords, though it’s unclear how many of those passwords are currently in use.
How Collection #1 Data Breach Could Affect You
Having your email address publicly leaked leaves you vulnerable to scams and phishing attempts. Hackers may send emails impersonating legitimate organizations in an attempt to convince you to provide personal information or to get you to click malicious links or download malware.
Compromised email and password combos make your other accounts vulnerable as well. In credential-stuffing attacks, hackers use bots to automatically test millions of email and password combinations across many websites to gain access to accounts. If you use the same password across multiple websites, a hacker could break into your accounts using this method.
How to Protect Yourself From Credential-Stuffing
One of the best ways to protect yourself from credential-stuffing is to update your online accounts with strong, unique passwords. Password managers like LastPass, 1Password, and StickyPassword take some of the manual work out of this process and keep all your passwords secured in one place. You should also enable two-factor authentication for online accounts that offer the feature.
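To show why a reused password turns one leaked pair into several exposed accounts, here is an added example (not part of the original article) that audits a password-manager export against a leaked list. Every site name, address and password in it is constructed sample data, and the `audit` function and its category names are illustrative choices.

```python
import hashlib
from collections import defaultdict

# Constructed password-manager export: (site, email, password). Not real data.
VAULT = [
    ("shop.example", "ana@example.com", "Summer2018!"),
    ("mail.example", "Ana@Example.com", "Summer2018!"),
    ("bank.example", "ana@example.com", "x9#Lq2!vRt7pZm"),
    ("forum.example", "ana@example.com", "summer2018!"),
    ("news.example", "ana.work@example.com", "Summer2018!"),
]
# Constructed stand-in for a leaked dump of (email, password) pairs.
LEAKED = [("ana@example.com", "Summer2018!"), ("bob@example.com", "hunter2")]


def _h(text):
    """Hash a value so the sets built below hold digests, not plaintext."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def _pair(email, password):
    # Email addresses are compared case-insensitively; passwords are not.
    return _h(email.strip().lower() + "\x00" + password)


def audit(vault, leaked):
    """Classify each account by how a leaked dump affects it."""
    leaked_pairs = {_pair(e, p) for e, p in leaked}
    leaked_passwords = {_h(p) for _, p in leaked}
    sites_by_password = defaultdict(list)
    exposed, password_leaked = [], []
    for site, email, password in vault:
        sites_by_password[_h(password)].append(site)
        if _pair(email, password) in leaked_pairs:
            exposed.append(site)          # exact pair leaked: stuffing works as-is
        elif _h(password) in leaked_passwords:
            password_leaked.append(site)  # password known, under another address
    reused = [sorted(s) for s in sites_by_password.values() if len(s) > 1]
    return {"exposed": sorted(exposed),
            "password_leaked": sorted(password_leaked),
            "reused": sorted(reused)}


if __name__ == "__main__":
    for category, sites in audit(VAULT, LEAKED).items():
        print(category, sites)
```

Accounts listed under `exposed` need a new password first; the account with a unique password (`bank.example` in the sample) appears in no category.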
It’s a good idea to avoid clicking links or downloading attachments from emails, even if the email appears to come from a legitimate source.
In addition, you can monitor the internet for any signs that your data has been exposed. For example, an identity theft monitoring service tracks your personal information, alerts you if it is being publicly shared, and actively monitors the dark web for personal information that may have been compromised.
Finally, you should watch your accounts and credit reports for signs of unauthorized use, fraudulent charges, and identity theft. Make sure to pay close attention to all your account activity, including credit card and bank account statements. At the same time, monitoring services can help you stay on top of your credit by watching for changes to your credit report and other signs of identity theft.