top of page

Collection #1

Writer's picture: SysArmySysArmy

An apt name. The above is a store or as the name said, a collection of sensitive information that was published to the internet in January 2019. The publisher is unknown and anyone can download the hundreds of millions of email addresses and passwords.

  

Collection #1 is roughly 87GB in size. Altogether, the whole collection totals more than ten times that, and the same seller seems to have seven collections one of which is more than 500GB even by itself.

 

The passwords were available in plaintext format rather than in their hashed version. This implied that the creators of this database had been able to successfully de-hash these passwords from weak or compromised encryption schemes. Security researchers noted that unlike other username/password lists which are usually sold on the dark web, Collection #1 was temporarily available at no cost, and could potentially be used by a larger number of malicious agents, primarily for credential stuffing.


By the end of January 2019, Collections #2 through #5, were put up for sale on the dark web. Collections #2-5 included over 845 gigabytes of data, with a total of 25 billion email/password records. Many of the email/password pairs in the collection were found to be from previous breaches including the Yahoo! data breaches, and breaches from LinkedIn and Dropbox


It is normal you would ask - is my details in any of these collections? Some experts would suggest you check with a certain website to determine whether your details are in there.


Our advice - don't bother. You are not certain nor do you have the assurance that the websites mentioned are not 'pawns' used to trick innocent users into keying in their personal details to check when in the first instance their details were actually not in the list.


If you have doubts or reasons to worry especially when you used the internet almost full time for your work or leisure, just proceed to change your password to a new password. This is the easiest and simplest solution instead of you checking and verifying.


Comments


bottom of page