More than 770 million email addresses - with passwords - dumped online

Collection #1, originally posted in December, contains 140 million email addresses that haven't been seen in security breaches before

Security researcher Troy Hunt has released what would appear to be the largest breach of personal data in history: an 87GB folder, dubbed Collection #1, containing almost 773 million unique email addresses.

The folder had been dumped on the MEGA cloud storage service and contained more than 12,000 files compromising 1,160,253,228 combinations of email addresses and passwords - 772,904,991 unique email addresses and 21,222,975 unique passwords.

The breach is "made up of many different individual data breaches from literally thousands of different sources", according to Hunt.

Many of the discovered email addresses have already appeared in previous breaches, such as the 164 million from a LinkedIn breach revealed in 2016, and 360 million from a MySpace hack back in 2008.

"The post on the forum referenced 'a collection of 2,000+ dehashed databases and Combos stored by topic'," wrote Hunt in a blog posting.

https://twitter.com/troyhunt/status/1085762205939712001?ref\\_src=twsrc%5Etfw

But there are also roughly 140 million addresses that Hunt had never seen before, and which hadn't made it into Hunt's www.HaveIBeenPwned.com website until now, possibly from a large yet undiscovered hack or several smaller hacks.

Hunt's website provides a database of email addresses associated with data breaches, enabling anyone to check whether accounts linked to any email address have been compromised.

Collection #1 was posted in December on a popular hacking forum, but hadn't reached the attention of security researchers until now.

It has been speculated that the folder might have been put together for credential-stuffing attacks, whereby hackers simply throw random combinations of emails and passwords at a website hoping that some might match.

Hunt, who was first to report on the breach, maintains a popular website called Have I Been Pwned which allows users to search whether their email address has been breached before. Until now, Collection #1 is the largest recorded breach on the platform.

The discovery of Collection #1 further underlines the necessity for users to diversify the passwords they use rather than using the same password across multiple platforms.

In addition, password managers can help by generating random passwords for different services, reducing password re-use.

People are also advised to take advantage of multi-factor authentication, requiring them to provide more than one piece of evidence to verify their identity during logins.