WatchPoint Security Blog

Data Breach Containing 773 Million Emails Leaked Online

Written by Jordan Kadlec | January 18, 2019

A massive 87-gigabyte file containing 773 million unique email addresses as well as their associated cracked, or dehashed, passwords has been spotted on an online hacking forum. The file, dubbed as “Collection #1” was designed to be easily used in credential stuffing attacks.

What is Credential Stuffing?

Credential stuffing is when attackers take lists of email addresses and their associated passwords and use them to try and log into different websites. If there is a matching account using the same credentials, the attacks will then gain access to your data and potentially your financial assets.

Have I Been Pwned creator Troy Hunt discovered the collection on January 16th and immediately notified cybersecurity experts. Collection #1 is the largest breach in Hunt’s portfolio, which allows individuals to search whether your own email or passwords have been compromised by a breach at any point.

The Hack

It’s important to note that this is not a new data breach. Rather, it’s simply a collection of older ones placed into one, easily accessible file. Collection #1 consists of 2,800 different files containing leaked account information from many different data breaches. While the original data from the data breaches may have had encrypted passwords, the cybercriminal behind publishing Collection #1 converted them into dehashed passwords to make them easier to use in attacks.

When a password has been “hashed” it means that it has been turned into a scrambled representation of itself. A user’s password is taken and – using a key known to the site – the hash value is derived from the combination of both the password and the key, using a set algorithm. When a password has been dehashed, it has been turned back into its original form through continually generating hashes from passwords until matches have been found.

In a blog post, Hunt states that this collection contains over 1.1 billion unique combinations of email addresses and passwords, 773 million unique email addresses, and over 21 million unique passwords. This is by far the biggest collection of email addresses and passwords collectively leaked on underground forums.

How to Check Whether Your Email Has Been Compromised

Chances are, your email addresses and passwords have been compromised in earlier data breaches. Fortunately, Hunt created Have I Been Pwned, a site where you can submit your email address and see the data breaches where your account was exposed. Note: the site has been updated to include the 773 million unique email addresses included in Collection #1.

Below, you can see a screenshot of the website: haveibeenpwned.com. As you can see, nearly 6.5 BILLION email addresses have been compromised and are included on the website. By simply inputting your email address, you will be able to see whether your account has been compromised; or, as Troy Hunt likes to say – PWNED.

If you find your email address on the site (HINT: you will), make sure you have changed your passwords since the data breach occurred. If you ever become aware of future data breaches, make sure you change your passwords immediately.

As always, it’s important to create a unique password at every site where you create an account. While remembering unique passwords can be an extremely difficult task, we suggest you use a password manager to help organize your passwords.