Collection 1 data breach covers more than 772 million email addresses

If you’re signed up for one of the many services that alerts you to data breaches when they’re discovered (if you’re not, you probably should be) then you likely have an email waiting for you. Troy Hunt runs Have I Been Pwned where he makes it his business to dig up these files as they’re being passed around by hackers, and has alerted the world to “Collection #1,” which claims to combine usernames and passwords from thousands of databases.

That includes some where the password data may have been stored encrypted, so if someone has managed to crack open a site where you had an account registered, it’s likely they have your info and know what password you were using. If you’ve logged into a customer support portal or some random forum with your email address and used the same password you use for your main email account, Netflix, Facebook or other accounts, then it could be trivially easy for someone to have that and use it to log in as you.

Unfortunately, for reasons Hunt explains in his blog post, it’s impossible to see what account or password may have been included via his site, which is why you should probably be using a password manager (if you have a truly unique password, you can see if it’s ever been exposed in one of the breaches on this page). That would make it easy to maintain unique passwords wherever you have accounts, and easily change them if there’s a breach.

So to recap — sign up for Have I Been Pwned, it’s free and can alert you to breaches quickly. Use unique passwords, which could be easier to do if you use a password manager like 1Password or LastPass, or even if you just write them down and store them securely, in addition to multifactor authentication where available. You can’t stop your information from popping up in breaches like this, but taking those steps can lower the risk of impact before your personal Facebook page starts offering deep discounts on Ray-Bans or someone in Latvia is adding to your Spotify playlists.

Leave a Reply