“Collection #1” data breach

by | Jan 21, 2019 | cyber | 0 comments

What You Need To Know About “Collection #1”

Whenever a data breach is made public, there tends to be a bit of a hysteric frenzy as people scramble to figure out if they have been affected and what to do. Below we have sin our comprehensive guide.

Here is a quick checklist of things you can do post-Collection#1:

  1. See if you have been compromised by using the HIBP Email Research Tool
  2. You can also check the strength and uniqueness of your passwords using the HIBP Password Research Tool
  3. Rest your passwords manually (or use your password manager to automate the process)
  4. Rest easy

Post “Collection #1” Breach Wrap-up

While technically a data breach on a massive scale, the fact that this is a data dump of email addresses and passwords rather than social security numbers (SSNs) and credit cards means that you can more easily clean-up and avoid being affected. At privateRisk we see this as more of a case study in password management and personal best practices rather than a significant breach which will affect your assets, security, or lifestyle.

Facts About The “Collection #1” Data Breach

Originally reported by Troy Hunt, Collection #1 is an amalgam of passwords & email addresses which were pilfered from more than 2,000 different websites.  So, what do you need to know about this data breach and how it affects you? Here is the easiest summary to follow-

  • More than 2,000 websites we affected
  • More than 772 million email addresses were compromised
  • There were over 21 million unique passwords compromised
  • The data dump was
  • The list is from data which is approximately 2-3 years old

With much of the data being from a few years ago where we saw massive breaches affect us (ie Equifax) it is likely that you may have addressed your password security and vulnerability in the past. However, now is a prudent time to reset your passwords. If you have a password manager, this is an easy task.

The Concerns of “Collection #1”

More concerning than the fact that bad actors were able to obtain this data from insecure websites is the fact that the unique email to password ratio is a staggering 36:1, meaning that, on average, the same password was used on 36 separate website log-ins. This is an extremely unsafe practice and a trend which we need to address as a whole.

Next Steps After “Collection #1”

The biggest issue with the Collection #1 breach is the uncovering of such pitiful usage of unique passwords. The basics of managing your personal cybersecurity and the safety of your identity & data require that you should have a unique password on each of your website log-ins. Be sure to address your password strength and uniqueness. You can learn more about passwords in our comprehensive guide.

Here is a quick checklist of things you can do post-Collection#1:

  1. See if you have been compromised by using the HIBP Email Research Tool
  2. You can also check the strength and uniqueness of your passwords using the HIBP Password Research Tool
  3. Rest your passwords manually (or use your password manager to automate the process)
  4. Rest easy

Post “Collection #1” Breach Wrap-up

While technically a data breach on a massive scale, the fact that this is a data dump of email addresses and passwords rather than social security numbers (SSNs) and credit cards means that you can more easily clean-up and avoid being affected. At privateRisk, we see this as more of a case study in password management and personal best practices rather than a significant breach which will affect your assets, security, or lifestyle.