"Collection #1" is the nickname of the latest dump of e-mail addresses and passwords—a stockpile of login credentials from a variety of confirmed and alleged data breaches. Reportedly, multiple other "collections" have also been discovered.
What's included in this data dump?
Collection #1 is reportedly one of the largest user credential data dumps to date, collecting e-mail addresses and passwords from thousands of sources, including previously known data breaches and some new alleged breaches. By the numbers, the dump includes roughly:
- 2.7 billion total records
- 1.2 billion unique e-mail address and password combinations
- 773 million unique e-mail addresses
- 21 million unique, plaintext passwords
As mentioned, there are other "collections" of data that were found as well, named Collection #2 through #5, "AP MYR&ZABUGOR #2," and "ANTIPUBLIC #1." The latter is presumably the so-called Anti Public Combo List, an old dump from December 2016.
Troy Hunt, the world's foremost expert on data breaches, has assessed Collection #1, but has not yet analyzed the additional collections to determine their scope and significance.
Was my e-mail address or password included?
Check out our related article, How to Avoid Getting Hacked After Data Breaches, to find out whether your e-mail address or password has ended up in Collection #1 or any other major dumps or breaches.
How can I learn more?
For more about Collection #1, check out Troy Hunt's article, The 773 Million Record "Collection #1" Data Breach.
Each week we talk about the latest Apple security news on the Intego Mac Podcast, so be sure to subscribe to make sure you don't miss any episodes. You'll also want to subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for updates.