PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

'Collection #1' Breach Exposes a Record 773 Million Email Addresses

The massive trove of leaked data, which was posted to a hacking forum, also includes 21,222,975 unique passwords. Here's how to see if your data was exposed.

Angela Moscaritolo
 & Angela Moscaritolo Managing Editor, Consumer Electronics

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Did you receive an email this morning informing you that your personal information was exposed in a data breach called Collection #1? You're not alone, and it's a reminder to take precautions like enabling two-factor authentication and signing up for a password manager.

Security researcher Troy Hunt, who runs breach notification site Have I Been Pwned (HIBP), first reported the Collection #1 exposure. The massive trove of leaked data, which was posted to a hacking forum, includes some 772,904,991 unique email addresses and 21,222,975 unique passwords, Hunt said.

"Collection #1 is a set of email addresses and passwords totaling 2,692,818,238 rows," Hunt explained in a Thursday blog post. "It's made up of many different individual data breaches from literally thousands of different sources."

Hunt said he first caught wind of the breach last week when several people pointed him to a suspicious collection of files on the cloud service Mega. The 87GB collection, which contained more than 12,000 files, has since been removed from Mega, but found its way to a "popular hacking forum," he wrote.

"My own personal data is in there and it's accurate; right email address and a password I used many years ago," Hunt wrote. "If you're in this breach, one or more passwords you've previously used are floating around for others to see."

Some 768,000 of the 2.2 million people who use Hunt's free breach notification service are affected by this breach and received an alert. If you don't use that service, you can easily check if your information was included in the breach by visiting HIBP and entering your email address.

Recommended by Our Editors

1Password
1Password - Review

That tool won't tell you which, if any, of your passwords leaked, but Hunt does offer a feature that lets you manually check your current passwords against a list of known breached ones. On the HIBP site, click "Passwords" at the top, then enter the password you're concerned about it (HIBP won't see your actual password, according to Hunt).

Alternatively, if you use 1Password, you can use the Watchtower feature to check all your stored passwords at once.

"My hope is that for many, this will be the prompt they need to make an important change to their online security posture," Hunt wrote. "If you're in this breach and not already using a dedicated password manager, the best thing you can do right now is go out and get one."

We here at PCMag have evaluated two dozen of the best password managers to help you choose. Our favorites include Keeper Password Manager & Digital Vault and Dashlane. If you're short on money, check out our roundup of the best free password managers.

About Our Expert

Angela Moscaritolo

Angela Moscaritolo

Managing Editor, Consumer Electronics

My Experience

I'm PCMag's managing editor for consumer electronics, overseeing an experienced team of analysts covering smart home, home entertainment, wearables, fitness and health tech, and various other product categories. I have been with PCMag for more than 10 years, and in that time have written more than 6,000 articles and reviews for the site. I previously served as an analyst focused on smart home and wearable devices, and before that I was a reporter covering consumer tech news. I'm also a yoga instructor, and have been actively teaching group and private classes for nearly a decade. 

Prior to joining PCMag, I was a reporter for SC Magazine, focusing on hackers and computer security. I earned a BS in journalism from West Virginia University, and started my career writing for newspapers in New Jersey, Pennsylvania, and West Virginia.

The Technology I Use

My little Florida beach bungalow is brimming with smart home tech. I have a smart speaker or display in every room, allowing me to control other connected devices by voice. The Nest Hub on my bedside table lets me set wake-up alarms, control my smart light bulbs, and set the temperature on my smart thermostat. I use the Amazon Echo Show 8 on my kitchen counter to browse recipes, reorder protein powder, check the weather, and watch the news while I do dishes. 

Because I suffer from allergies, air purifiers are essential. My favorite model is the Dyson Purifier Cool TP07, which doubles as a fan and continuously sends indoor pollution data to its companion mobile app. 

My pitbull Bradley sheds, so a good robot vacuum is a must. I currently use a premium Ecovacs Deebot that can both vacuum and mop, empty its own dustbin, and wash its own mop cloth. 

For fitness, I like to mix up my routine with cycling, indoor rowing, running, and strength training in addition to yoga. I take classes on the Tonal 2 smart strength training machine, I row indoors on an Aviron machine, and track my beach runs with an Apple Watch while listening to music on my Apple AirPods Pro. On the weekends, I love riding e-bikes like the rugged, beach-friendly Aventon Aventure for fun and fitness.

My job involves a lot of virtual meetings, so a quality webcam, microphone, and ring light are important. I use the Jabra PanaCast 20 webcam, the Elgato Wave: 3 microphone, and a Yesker tripod ring light. 

As for my preferred phone platform, I'm an iPhone person, but I've also extensively used Android for product testing.

Read the latest from Angela Moscaritolo

Read full bio