Collection 2 Data Breach Exposes 2.2 Billion Unique Accounts

A mammoth data dump database has grown much much bigger, according to security researchers in Germany.

They warned that over 2 billion email addresses and passwords are being passed around on hacker forums.

It comes after security researcher Troy Hunt last month discovered one of the biggest ever data breaches ever found that involved 773 million email addresses and passwords, which had been posted to a popular hacking forum in mid-December.

Bigger data

The 87GB data dump had been discovered by Troy Hunt who setup ‘Have I Been Pwned’ (HIBP) as a simple location for people to check if their personal data had been compromised by any data breaches.

He has not yet updated his website with the latest “collection” data, but researchers at the Hasso Plattner Institute who run their own Identity Leak Checker, have added to the ‘Collection #1’ data dump found by Troy Hunt.

The German researchers reportedly discovered that 611 million of the credentials in the new ‘Collections #2–5’ database weren’t included in the Collection #1 database.

The ‘Collections #2–5’ database reportedly contains 845 gigabytes of stolen data and 25 billion records in all.

This means that hackers have been exchanging a database that contains an estimated 2.19 billion email addresses and passwords.

“This is a start of something far more significant than anything we have seen before,” Jake Moore, cyber security specialist at ESET UK, warned Silicon UK via email. “Hackers are becoming even more sophisticated, and hopefully, this is a massive wake-up call to anyone with an email address.”

“The overarching statement here is that we need to adopt stronger layers of security, and this is the time to adopt a new way of managing passwords,” said Moore. “Using your three rehashed passwords is no longer going to cut it.”

What to do

If users are worried their email addresses have been compromised, they should either visit ‘Have I Been Pwned’ (HIBP) or Hasso Plattner Institute to run a check.

It is good advice for people affected to change their email passwords, and also people should consider using a password manager.

The ‘Collection #1’ and now the ‘Collections #2–5’ breaches are sure to go down as one of the largest ever data breaches.

However, it should be remembered that it is still some way off the Yahoo data breach in 2013 that saw the compromise of 3 billion accounts worldwide.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

UK Watchdog Agrees ‘Oversight’ On Google’s Cookie Removal

Unhappy advertiser complaint sees CMA taking a key oversight role over Google’s planned removal of…

2 hours ago

Vodafone Chooses Samsung For 5G, Open RAN

Watch out Nokia, Ericsson? Samsung gains 5G foothold in Europe after Vodafone UK opts for…

3 hours ago

Passenger Bids $28 Million To Join Jeff Bezos On Blue Origin Debut

Blue Origin announces winner of live auction to join Jeff Bezos and his brother on…

4 hours ago

Trump ‘Subpoenaed Apple, Microsoft For Data On Rivals’

Apple changes rules for responding to government data requests after previous administration used subpoenas to…

1 day ago

China Regions Order Bitcoin Mining Shutdown

Two of China's biggest cryptocurrency mining regions order mining operations to cease operations, even as…

1 day ago

US Bills Target Tech Giants’ Unchecked Power

Five draft bills in US House of Representative build on last years' antitrust hearings with…

1 day ago