The “Collection #1” from 772 million E-Mail addresses and 21 million on the Internet published passwords may be just the beginning of a series of publications. The specialized in IT security Journalist Brian Krebs has information on much larger data collections are given to the same Person and contacted her.

A company that keeps in underground forums for such deals, had indicated cancer on the side of the seller, the “Collection #1”. On the several other file folders are currently seeing, including the “Collections” number two to five. Two of them are apparently significantly larger than the 87-Gigabyte comprehensive first collection.

data in the “Collection #1” are supposedly two to three years old

On the side of a Telegram user name. Cancer registered there and started a Chat with the seller, requires, apparently, only $ 45 for access to the first collection. The Unknown first confirmed the presumption of the Australian security researcher Troy Hunt, that it is in the case of the first collection, the result of many different data leaks in the past.

but I also have a larger and more recent deals, said the Person, not all of which are already visible online. Overall, it was said, it is important to access data in the amount of four terabytes. While the data in the first collection of two to three years old, was the other contingents of the Material, it was less than a year old.

reading tip on the topic of Old data leaks MySpace passwords as a template for hackers

If this is true, it will show. In theory, it could be, for example, E-Mail addresses, passwords, and other data originating from other, in 2018, the known data leaks: The hotel chain Marriott, for example, had to admit that data had been compromised, up to 383 million customers (at the beginning of the speech) was 500 million. In the case of the knowledge platform, Quora with 100 million users were affected.

If such data leaks can Internet users check on the of Troy Hunt, and operated by the Federal office for information security (BSI) recommended Website , whether your E-Mail address is included in it. Here is a step-by-step instructions:


an E-Mail address Is included, it means not automatically that the password of the respective E-Mail Account was published. In many cases, only the address, in other cases, a password that someone has used, together with the E-Mail address to log in to any online service can be found in large collections of data.

Criminals use such data leaks not give, therefore, first and foremost, access to E-Mail accounts. Rather, they send Spam, blackmail, or phishing mails to the E-Mail addresses, or try the combination of the E-Mail address and password for multiple online services, such as, for example, on Amazon, where you could order at the expense of the victims Were.

password re-use can be fatal, such as weak passwords

Who finds out to “Have I been pwned”, that his E-Mail address is included in a Datenleak, should first check, for which services he used this address to log in. In these services, a change of password would be useful. Each account should have its own password.

In addition, the Change of the password for the E-Mail can’t hurt-Account at the very least, if it is a long, not easily guessable, and only for the Account used password. Stored, such a password should be at best in a password Manager such as KeePass.

Extra layer of security against Account takeovers by Criminals, the Two-factor authentication, offered by many services. It is also called “confirmed registration” and requires that users use the password a second Element for the (first) application on your device. It may be a via SMS Code received, in a special App-generated Code, or to a special physical security key.

Ten General tips for more security in the network can be found here.


Sam Yoon has many years of experiences in journalism. He has covered such areas as information technology, science, sports and politics. Yoon can be reached at 82-2-6956-6698.