ShellCodeX Breach Report
Collection #1 Data Breach
Unverified
Passwords exposed
Accounts exposed
772,904,991
Breach date
07 Jan 2019
Added to tracker
16 Jan 2019
Data classes
2
What happened
In January 2019, a large collection of credential stuffing lists (combinations of email addresses and passwords used to hijack accounts on other services) was discovered being distributed on a popular hacking forum. The data contained almost 2.7 billion records including 773 million unique email addresses alongside passwords those addresses had used on other breached services. Full details on the incident and how to search the breached passwords are provided in the blog post The 773 Million Record "Collection #1" Data Breach.
Exposed data
Email addresses
Passwords
Recommended actions
- Change your Collection #1 password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Collection #1 โ attackers weaponise breach data quickly.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP