Data Breaches | Download ¶
Nr1 cannot be held responsibility for any data that is hosted on other websites
A data breach occurs when confidential information is intentionally or unintentionally exposed to unauthorized parties. Data has become one of the most critical components in the digital era, and data leakage poses significant risks to organizations, including substantial monetary and reputational losses.
Despite the focused efforts to ensure data security, new instances of security data breaches surface every day. Data loss detection and prevention has emerged as a business's most pressing security concern.
Some of the most common methods for data breaches include malware, ransomware, viruses, and phishing attacks. All it takes for cybercriminals to gain access to business-sensitive data is a single click on a malicious link.
Collection #1 is the name of a set of email addresses and passwords that appeared on the dark web around January 2019.
The database contains over 773 million unique email addresses and 21 million unique passwords, resulting in more than 2.7 billion email/password pairs. The list, reviewed by computer security experts, contains exposed addresses and passwords from over 2000 previous data breaches as well as an estimated 140 million new email addresses and 10 million new passwords from previously unknown sources, and collectively makes it the largest data breach on the Internet
Collection #1 was discovered by security researcher
Troy Hunt, founder of
Have I Been Pwned a website that allows users to search their email
addresses and passwords to know if either has appeared in a known data breach. The database had been briefly posted to Mega in January 2019, and
links to the database posted in a popular hacker forum. Hunt discovered that the offering contained 87 gigabytes of data across 12,000 files.
Not only was this discovery of concern to Hunt, but he further found that the passwords were available in plaintext format rather than in their
hashed version. This implied that the creators of this database had been able to successfully crack the hashes of these passwords from weak
implementation of hashing algorithms.Security researchers noted that unlike other username/password lists which are usually sold on the dark web,
Collection #1was temporarily available at no cost, and could potentially be used by a larger number of malicious agents, primarily for credential stuffing.