Security & Privacy + Security News

Collection #1 (and #2–5) are the latest massive password dumps

Posted on by

“Collection #1” is the nickname of the latest dump of e-mail addresses and passwords—a stockpile of login credentials from a variety of confirmed and alleged data breaches. Reportedly, multiple other “collections” have also been discovered.

What’s included in this data dump?

Collection #1 is reportedly one of the largest user credential data dumps to date, collecting e-mail addresses and passwords from thousands of sources, including previously known data breaches and some new alleged breaches. By the numbers, the dump includes roughly:

  • 2.7 billion total records
  • 1.2 billion unique e-mail address and password combinations
  • 773 million unique e-mail addresses
  • 21 million unique, plaintext passwords

As mentioned, there are other “collections” of data that were found as well, named Collection #2 through #5, “AP MYR&ZABUGOR #2,” and “ANTIPUBLIC #1.” The latter is presumably the so-called Anti Public Combo List, an old dump from December 2016.

Troy Hunt, the world’s foremost expert on data breaches, has assessed Collection #1, but has not yet analyzed the additional collections to determine their scope and significance.

Was my e-mail address or password included?

Check out our related article, How to Avoid Getting Hacked After Data Breaches, to find out whether your e-mail address or password has ended up in Collection #1 or any other major dumps or breaches.

How can I learn more?

For more about Collection #1, check out Troy Hunt’s article, The 773 Million Record “Collection #1” Data Breach.

Each week we talk about the latest Apple security news on the Intego Mac Podcast, so be sure to subscribe to make sure you don’t miss any episodes. You’ll also want to subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for updates.

About Joshua Long

Joshua Long (@theJoshMeister), Intego's Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple ID authentication vulnerability. Josh has conducted cybersecurity research for more than 25 years, which has often been featured by major news outlets worldwide. Look for more of Josh's articles at and follow him on X/Twitter, LinkedIn, and Mastodon. View all posts by Joshua Long →