2.2 Billion E-mail Addresses and Passwords Published as New Volumes of the “Collection #1” Set

  • The complete set of the “Collection #1” leak has been unintentionally revealed, and it’s thumping.
  • Most of the data in it are compilations of previously known leaks that date back to 2014.
  • Selling and buying hackers were identified by pseudonyms as C0rpz, Sanix, and Clorox.

Collection #1 was just a part of a larger set of stolen and leaked data bundles, and the whole set has now been unveiled in its entirety, containing more than 3.5 billion email addresses and their associated passwords. The subsets go from Collection #2 to #5, including two more named as “ANTIPUBLIC #1” and “AP MYR & ZABUGOR #2”, while their total size is just shy of 1 terabyte. Most of the data in these large-sized bundles are just compilations of already known leaks and small database dumps, so they have little value for cybersecurity, although the names of most of us are definitely in there somewhere.

The real value of these data collections seeing the light as such is to identify a rising trend in data collectors and the associated market. With hacking and data leak incidents dominating the headlines almost on a daily basis, data resulting from individual hacks have an increasingly descending value. This drove those who collect and sell this data to start assembling larger collections by congregating data leaks from the past years. These mega-packages are already flooding the cyber-crime marketplaces, and we are likely seeing only the tip of the iceberg here.

With the revelation of the whole heap, analysts came closer to the identification of the hacker who clustered it, going by the pseudonym “C0rpz”. The receptors of the mega-bundle are two other hackers nicknamed Sanix and Clorox, who further propagated it through magnet p2p sharing and the MEGA private cloud file hosting and sharing service. Parts of this collection were given away for free, indicative of the low-cost of acquiring user data of more than 3.5 billion people. Stuffing attack actors and other malicious groups appreciate these humongous collections as they make it easier for to pinpoint a person’s presence in multiple online platforms. This enables them to conduct highly targeted attacks such as extortion and financial fraud by using a combination of the leaked information.

As always, you are recommended to check your email address on services like haveibeenpawned and HPI Identity Leak Checker and reset the passwords that date previous to the leak revelation dates. Use unique passwords in each platform, pick a handy password manager, and enable two-factor authentication where possible.

Are you worried about data leaks and the trend to circulate huge collections like this one? Let us know of your comments in the section underneath, and don’t forget to do the same on our socials, on Facebook and Twitter.



Mob Psycho 100 Season 3: Release Date, Teaser, Poster and Where to Watch!

Mob Psycho 100 season 3 has finally been confirmed by the series’ official Twitter account, along with the release of a new...

GPSD Bugs Set to Roll Back Clocks to 2002 on Sunday

A GPSD bug will make apps roll back to 2002 on Sunday, 24th November 2021.The bug comes from a mistaken code put...

Ransomware Attacks Perpetrated via Vulnerability in BillQuick Billing Software

A critical vulnerability that allowed remote code injection was discovered in multiple versions of the relatively popular BillQuick billing software.The exploit comes...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari