Best Reviews logo
Best Reviews may receive compensation for its content through paid collaborations. See how we sustain our work & review products.
Collection #1, the Biggest Data Breach Ever

Collection #1, the Biggest Data Breach Ever

By Leo S.Leo S. Verified by Adam B.Adam B. Last updated: July 28, 2024 (0)

Password

A new world record was achieved in January 2019, but sadly it’s not something to celebrate; nearly 773 million email addresses and 22 million passwords were hacked and published online in what was the biggest data breach to date. Cyber security expert Troy Hunt found an impressive file on MEGA – a file-sharing platform that is the successor of Megaupload – that was suitably named Collection #1, containing 87GB of compromised credentials.

The news quickly spread worldwide with many people fearing that their own online details ended up on some hacker’s monitor, and the urge to change passwords began. Obviously, a data leak is always a serious matter and this one in particular even dethrones Yahoo’s infamous 500 million data breach in 2016. But fortunately, this time the case may be not as bad as it seems.

More smoke than fire?

As Motherboard rightfully highlights, millions of email addresses and passwords are hacked daily, but what makes this case unique is the fact that Collection #1 is precisely what its name indicates: a collection of older data breaches.

There are newly compromised credentials as well, obviously, but the good news is that of the nearly 773 million unique email addresses and 22 million passwords composing Collection #1, ‘only’ 18% of the emails and half of the passwords are new entries on Have I Been Pwned‘s database. All the remaining were already listed on the website – which was created by none other than Troy Hunt – that anyone can use to check which of their addresses have been affected. This collection, therefore, is essentially a compilation of what’s believed to be more than 2,000 former data breaches, which someone with enough time and patience has put together into a single file.

In his in-depth research into the file published on MEGA – which has since been deleted from the platform but is still around on hacking forums – the security researcher found out that the impressive 87GB of data was mainly composed of .txt files. While the exact origin of Collection #1 is still unknown, the total unique combinations of email addresses and passwords are over a billion, though it’s highlighted that these are unfiltered results containing “different delimiter types including colons, semicolons, spaces and a combination of different file types”.

The massive file is organized into a directory of different folders and subfolders, each one with different contents such as “mail access combos”, “shopping combos”, “EU combos”, and much more. There are over 12,000 separate files in total and, according to the researcher, he himself has seen his own accurate personal data in there. As he underlines, the data affected “only passwords that are no longer in use” but that were stored as cryptographic hashes, which rings yet another alarm. Collection #1’s data breach also “contains ‘dehashed’ passwords which have been cracked and converted back to plain text”.

The importance of strong credentials and password managers

Whether your credentials are listed on Have I Been Pwned or not, the best approach is to play it safe and give all your services renewed passwords. It cannot be stressed enough that passwords are very important and that they should never be mistreated. Every service nowadays requires some sort of login information and opting for ‘123456789′, ‘password’ or any other cliched alternative is simply giving away access to attackers. It’s always a smart idea to create a strong, unique password that no one will be able to guess, by using random letters, numbers, and even symbols, for example.

Yes, these will obviously be impossible to remember, especially if you need to use multiple passwords that aren’t in any way related to you, which means avoiding initials and birthdays since they’re easily given away by social media profiles and put together relatively easily. The best solution to this is to use password managers, tools that can not only generate complex and unguessable passwords for you but will lock them all away in a secure digital vault as well. In turn, they are protected by a master password, so you’ll only have to remember a single combination of characters. Likewise, it’s advisable to create a relatively secure password for this as if someone is able to break into the vault, then everything is at risk.

In addition, two-factor authentication should always be used when available and the added protection of a VPN shouldn’t be discarded either, especially for those that connect to public hotspots often.


Best VPN services of 2024

Editor's choice 2024
NordVPN logo
Editor's rating:
(4.5)
Intuitive multiplatform apps
Double VPN and P2P support
Plenty of security features
Large VPN network with consistent speeds
Security
Surfshark logo
Editor's rating:
(4)
Intuitive multiplatform apps
Double VPN
WireGuard protocol
Outstanding device support
Multi-device users
IPVanish logo
Editor's rating:
(4.5)
Unlimited devices
No-log policy
24/7 support
Reliable security tools
Gaming
ExpressVPN logo
Editor's rating:
(4)
Extensive device support
Exceptional speed
Intuitive apps
Convenient extras
Traveling
CyberGhost VPN logo
Editor's rating:
(4.5)
Suitable for all VPN users
Great security features
Seven simultaneous connections
24/7 customer support
Streaming
ZoogVPN logo
Editor's rating:
(4.5)
24/7 customer service
Competitive price
Good connection speed
Based in Greece
Torrenting
Private Internet Access logo
Editor's rating:
(4.5)
Unlimited devices
DNS leak protection
Suitable for all users
Completely customizable
Beginners
TunnelBear logo
Editor's rating:
(4)
Very easy and fun to use
Kill switch and traffic obfuscato
Browser extensions and Chrome blocker
Good speeds
User Feedback

 Leave a reply

Your email address will not be published. Required fields are marked *


Best Reviews

Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.

©2012-2024 Best Reviews, a clovio brand – All rights reserved
Privacy policy · Cookie policy · Terms of use · Partnerships · Contact us