Collection 2 Data Breach Exposes 2.2 Billion Unique Accounts

A mammoth data dump database has grown much much bigger, according to security researchers in Germany.

They warned that over 2 billion email addresses and passwords are being passed around on hacker forums.

It comes after security researcher Troy Hunt last month discovered one of the biggest ever data breaches ever found that involved 773 million email addresses and passwords, which had been posted to a popular hacking forum in mid-December.

Bigger data

The 87GB data dump had been discovered by Troy Hunt who setup ‘Have I Been Pwned’ (HIBP) as a simple location for people to check if their personal data had been compromised by any data breaches.

He has not yet updated his website with the latest “collection” data, but researchers at the Hasso Plattner Institute who run their own Identity Leak Checker, have added to the ‘Collection #1’ data dump found by Troy Hunt.

The German researchers reportedly discovered that 611 million of the credentials in the new ‘Collections #2–5’ database weren’t included in the Collection #1 database.

The ‘Collections #2–5’ database reportedly contains 845 gigabytes of stolen data and 25 billion records in all.

This means that hackers have been exchanging a database that contains an estimated 2.19 billion email addresses and passwords.

“This is a start of something far more significant than anything we have seen before,” Jake Moore, cyber security specialist at ESET UK, warned Silicon UK via email. “Hackers are becoming even more sophisticated, and hopefully, this is a massive wake-up call to anyone with an email address.”

“The overarching statement here is that we need to adopt stronger layers of security, and this is the time to adopt a new way of managing passwords,” said Moore. “Using your three rehashed passwords is no longer going to cut it.”

What to do

If users are worried their email addresses have been compromised, they should either visit ‘Have I Been Pwned’ (HIBP) or Hasso Plattner Institute to run a check.

It is good advice for people affected to change their email passwords, and also people should consider using a password manager.

The ‘Collection #1’ and now the ‘Collections #2–5’ breaches are sure to go down as one of the largest ever data breaches.

However, it should be remembered that it is still some way off the Yahoo data breach in 2013 that saw the compromise of 3 billion accounts worldwide.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

AT&T Admits Data Breach Impacted “Nearly All” Customers

American telecommunications giant AT&T admits that “nearly all” customer accounts were compromised in 2022 breach

9 hours ago

Elon Musk’s X Breached DSA Rules, EU Finds

X's Blue checks 'used to mean trustworthy sources of information. Now our preliminary view is…

12 hours ago

Japan’s SoftBank Acquires AI Chip Start-up Graphcore

SoftBank Group has purchased another British chip firm, with the acquisition of Bristol-based Graphcore Ltd…

14 hours ago

Samsung AI-Upgraded Bixby Voice Assistant Coming This Year

Samsung reportedly confirms it will launch the upgraded voice assistant Bixby this year, that will…

1 day ago

Next Neuralink Brain Implant Coming Soon, Says Musk

Despite an issue with first Neuralink implant in a patient, Elon Musk says second brain…

1 day ago

EU Accepts Apple’s Legal Commitments To Open NFC Access

Legal commitment over Apple's NFC-based mobile payments system, which is to be opened to rival…

1 day ago