Security & Privacy + Security News

Collection #1 (and #2–5) are the latest massive password dumps

Posted on January 18th, 2019 by

"Collection #1" is the nickname of the latest dump of e-mail addresses and passwords—a stockpile of login credentials from a variety of confirmed and alleged data breaches. Reportedly, multiple other "collections" have also been discovered.

What's included in this data dump?

Collection #1 is reportedly one of the largest user credential data dumps to date, collecting e-mail addresses and passwords from thousands of sources, including previously known data breaches and some new alleged breaches. By the numbers, the dump includes roughly:

  • 2.7 billion total records
  • 1.2 billion unique e-mail address and password combinations
  • 773 million unique e-mail addresses
  • 21 million unique, plaintext passwords

As mentioned, there are other "collections" of data that were found as well, named Collection #2 through #5, "AP MYR&ZABUGOR #2," and "ANTIPUBLIC #1." The latter is presumably the so-called Anti Public Combo List, an old dump from December 2016.

Troy Hunt, the world's foremost expert on data breaches, has assessed Collection #1, but has not yet analyzed the additional collections to determine their scope and significance.

Was my e-mail address or password included?

Check out our related article, How to Avoid Getting Hacked After Data Breaches, to find out whether your e-mail address or password has ended up in Collection #1 or any other major dumps or breaches.

How can I learn more?

For more about Collection #1, check out Troy Hunt's article, The 773 Million Record "Collection #1" Data Breach.

Each week we talk about the latest Apple security news on the Intego Mac Podcast, so be sure to subscribe to make sure you don't miss any episodes. You'll also want to subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for updates.

About Joshua Long

Joshua Long (@theJoshMeister), Intego's Chief Security Analyst, is a renowned security researcher and writer. Josh has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Business Administration and Computer and Information Security. His research has been featured by many fine publications such as CNET, CBS News, ZDNet UK, Lifehacker, CIO, Macworld, The Register, and MacTech Magazine. Look for more of Josh's security articles at security.thejoshmeister.com and follow him on Twitter. View all posts by Joshua Long →