Security researcher Troy Hunt revealed that last week he was told that a popular hacking forum is discussing a public dataset on MEGA that has a capacity of more than 87GB, including 773 million email addresses and 21.22 million unique passwords. An image exposed on the forum shows that the root folder of the dataset is named “Collection #1”, so this time the data leak is called “Collection #1”.
According to Hunt’s blog, “In total, there are 1,160,253,228 unique combinations of email addresses and passwords. This is when treating the password as case sensitive but the email address as not case sensitive. This also includes some junk because hackers being hackers, they don’t always neatly format their data dumps into an easily consumable fashion. (I found a combination of different delimiter types including colons, semicolons, spaces and indeed a combination of different file types such as delimited text files, files containing SQL statements and other compressed archives.)”
Hunt said that he checked the data set and found that his email address and old password were both inside and correct. Fortunately, the password is no longer used. Users can access his Have I Been Pwned service to see if their information has been compromised. The data set has been deleted but has been widely circulated according to the discussion data of the forum.