2.2 Billion E-mail Addresses and Passwords Published as New Volumes of the “Collection #1” Set

Written by Bill Toulas
Last updated September 18, 2021

Collection #1 was just a part of a larger set of stolen and leaked data bundles, and the whole set has now been unveiled in its entirety, containing more than 3.5 billion email addresses and their associated passwords. The subsets go from Collection #2 to #5, including two more named as “ANTIPUBLIC #1” and “AP MYR & ZABUGOR #2”, while their total size is just shy of 1 terabyte. Most of the data in these large-sized bundles are just compilations of already known leaks and small database dumps, so they have little value for cybersecurity, although the names of most of us are definitely in there somewhere.

The real value of these data collections seeing the light as such is to identify a rising trend in data collectors and the associated market. With hacking and data leak incidents dominating the headlines almost on a daily basis, data resulting from individual hacks have an increasingly descending value. This drove those who collect and sell this data to start assembling larger collections by congregating data leaks from the past years. These mega-packages are already flooding the cyber-crime marketplaces, and we are likely seeing only the tip of the iceberg here.

With the revelation of the whole heap, analysts came closer to the identification of the hacker who clustered it, going by the pseudonym “C0rpz”. The receptors of the mega-bundle are two other hackers nicknamed Sanix and Clorox, who further propagated it through magnet p2p sharing and the MEGA private cloud file hosting and sharing service. Parts of this collection were given away for free, indicative of the low-cost of acquiring user data of more than 3.5 billion people. Stuffing attack actors and other malicious groups appreciate these humongous collections as they make it easier for to pinpoint a person’s presence in multiple online platforms. This enables them to conduct highly targeted attacks such as extortion and financial fraud by using a combination of the leaked information.

As always, you are recommended to check your email address on services like haveibeenpawned and HPI Identity Leak Checker and reset the passwords that date previous to the leak revelation dates. Use unique passwords in each platform, pick a handy password manager, and enable two-factor authentication where possible.

Are you worried about data leaks and the trend to circulate huge collections like this one? Let us know of your comments in the section underneath, and don’t forget to do the same on our socials, on Facebook and Twitter.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: