
The mother of all data breaches is now three times bigger – 2 billion accounts exposed

Around two weeks ago, we reported on the “mother of all data breaches,” a cache of data that affects nearly three-quarters of a billion email accounts, more than 20 million passwords and about 2,000 leaked databases.


This 87GB treasure trove of information is now known as “Collection #1” and it’s actually a compilation of stolen credentials from a number of other data breaches dating back to 2008.

But as massive as Collection #1 is, it looks like it’s just a small fraction of what’s being peddled online. You won’t believe how much worse it actually is!

The greatest hits of data breaches

When news broke about the existence of Collection #1, security researcher Troy Hunt managed to upload the data set to his leaked credential testing site Have I Been Pwned.

However, Brian Krebs of security website KrebsOnSecurity said that Collection #1 is actually just a fraction of what’s being sold online. Apparently, a black market seller sent Krebs a screenshot showing the entire collection.

Aside from the 87GB Collection #1, at least four other collections exist — there’s the 526GB Collection #2, the 37GB Collection #3, the 178GB Collection #4, and the 42GB Collection #5. The price tag for “access lifetime” of these folders? A mere $45.

At the time of the Collection #1 reveal, the contents of Collections #2 to #5 were still largely unknown. Now, it appears that someone has stitched all these collections together into one colossal mega-collection that has 2.2 billion unique usernames and passwords!

2 billion records exposed

Wired reports that this 845GB mega-collection is now being publicly distributed online via hacker forums and torrent sites for free.

Security researchers from Germany’s Hasso Plattner Institute managed to get ahold of the files and their analysis revealed that the data in Collections #2-5 is almost three times the size of Collection #1 — around 25 billion records exposed!

Similar to Collection #1, Collections #2-5 also contain data that was lifted from older breaches (like LinkedIn, Dropbox and Yahoo).

Why are old credentials still valuable to hackers, you may ask? Well, these massive databases are still used for a technique called “credential stuffing.” This is when someone feeds the credentials to an automated program that tries them all out on various websites, hoping that people have reused their passwords on multiple services.

And aside from prominent data breaches, these collections may also contain credentials from smaller websites that may not have been published before. This suggests that some of the passwords are being leaked for the first time, putting more accounts at risk of credential stuffing.
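On the defending side, credential stuffing shows up in login logs as one source trying many different accounts a few times each, with most attempts failing. The Python sketch below is an added example, not part of the original article; the log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample events: "timestamp source_ip username OK|FAIL" (not real data).
SAMPLE_LOG = """\
2019-02-01T10:00:01Z 203.0.113.7 alice@example.com FAIL
2019-02-01T10:00:02Z 203.0.113.7 bob@example.com FAIL
2019-02-01T10:00:03Z 203.0.113.7 carol@example.com FAIL
2019-02-01T10:00:04Z 203.0.113.7 dave@example.com OK
2019-02-01T10:00:05Z 203.0.113.7 erin@example.com FAIL
2019-02-01T10:00:06Z 203.0.113.7 frank@example.com FAIL
2019-02-01T10:01:00Z 198.51.100.20 grace@example.com FAIL
2019-02-01T10:01:30Z 198.51.100.20 grace@example.com OK
2019-02-01T10:02:00Z 192.0.2.50 heidi@example.com FAIL
2019-02-01T10:02:01Z 192.0.2.50 heidi@example.com FAIL
2019-02-01T10:02:02Z 192.0.2.50 heidi@example.com FAIL
"""

def parse(log_text):
    """Yield (ip, user, ok) per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield parts[1], parts[2].lower(), parts[3] == "OK"

def find_stuffing_sources(log_text, min_users=5, min_fail_ratio=0.8, max_per_user=2):
    """Flag sources that try many distinct accounts, a few times each, mostly failing.

    Guessing against one account has the opposite shape (one user, many tries),
    so it is not flagged here. Thresholds are illustrative assumptions.
    """
    tries = defaultdict(lambda: defaultdict(int))  # ip -> user -> attempts
    fails = defaultdict(int)                        # ip -> failed attempts
    hits = defaultdict(set)                         # ip -> users logged in OK
    for ip, user, ok in parse(log_text):
        tries[ip][user] += 1
        if ok:
            hits[ip].add(user)
        else:
            fails[ip] += 1
    flagged = {}
    for ip, per_user in tries.items():
        total = sum(per_user.values())
        if (len(per_user) >= min_users and fails[ip] / total >= min_fail_ratio
                and max(per_user.values()) <= max_per_user):
            # Successful logins from a flagged source are accounts to reset.
            flagged[ip] = {"users": len(per_user), "attempts": total,
                           "reset": sorted(hits[ip])}
    return flagged
```

Calling `find_stuffing_sources(SAMPLE_LOG)` flags only the source that touched six accounts and lists the one account where the reused password worked, which is the account that needs a forced reset.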

As of this writing, Collections #2-5 have not been uploaded to Troy Hunt’s Have I Been Pwned website yet, but you can check your email address now with Hasso Plattner Institute’s own credential checker tool.

What now?

As usual, if you suspect that your accounts are part of older data leaks, it’s a good time to review all your online credentials. This is also a good reason why you should never ever reuse the same password for multiple online services and websites.

Additionally, if you haven’t done it yet, check whether your services support two-factor authentication (2FA) and enable it. 2FA gives you an extra layer of security that will help keep your accounts safe.

And while you’re at it, better close old accounts that you rarely use.

Bonus: Remembering all your passwords and PIN codes for your accounts can be tough, so a password manager is a must.
