What is Collection #1 and What Does it Mean for Your Data?

Posted on 18 January 2019

Another major data breach has hit the headlines, and it could well be one of the biggest yet. So, what is the ominously named Collection #1, and what happens next?

In early 2019, amongst reports of no confidence votes and opinion pieces on Brexit, news hit the internet of what is being dubbed the biggest data breach in history – or if you’re after something catchier, a Megabreach.

What is Collection #1?

Consisting of data jacked from numerous data breaches, a data dump known as Collection #1 became available for anybody to download. At a neat 87GB, and filled with 773 million unique emails and 21 million unique passwords, it’s no suprise the data trove has been christened ‘#1’.

But the collection didn’t get its name from being impressive: according to cyber security buffs, it’s actually just the first cache in a series of ‘collections’ being peddled by a particularly prolific internet baddie.

Not only does that make the collection older than initially reported (approximately 2-3 years old), but it means that the entire series of ‘collections’ – stolen credentials totalling nearly a terabyte – could do some serious damage.

What’s the Harm?

It may seem like an obvious question, but it needs to be asked regardless.

Unfortunately, sharing passwords across different internet accounts – even when using different email addresses – is still a common practice, and Collection #1 proves the danger.

In the wrong hands, the cache of emails and passwords can be cross-referenced, allowing accounts with the same or similar credentials to be accessed with ease, putting private information held on those accounts at risk. If you’ve been affected, wherever you’ve used those login details is now fair game.

Businesses don’t get a free pass either. If employees have used their work emails to sign up to websites affected by a data breach, they’re at risk too. After all, even workplace giants like Adobe and LinkedIn have been breached in the past.

This puts any private information held by the company on breached websites in the firing line, with devastating consequences if not properly addressed immediately.

Where Do We Go From Here?

First things first, it’s time to get those passwords changed. Yes, it’s a tedious process, but it’s absolutely essential that any email associated with the breach – and any account associated with that email – is secured.

Thankfully, cybersecurity guru Troy Hunt’s website Have I Been Pwned? can help. Simply type in your email address and Hunt’s system will check it against records of breaches. There’s also a list of websites which have been compromised if you want to check one specifically.

Once that’s out of the way, it’s time to take your security to the next level. Where possible, initiate multi-factor authentication, ensuring that anybody attempting to hijack your account in the future is met with more barriers than they can overcome.

Multi-factor authentication (or MFA) will demand multiple credentials when logging in, and most websites now offer at least two-step authentication – such as a password and a code sent to your phone or a recovery email. If MFA isn’t available on a website, use a secure password and change it regularly.

For businesses, an organisation-wide briefing is a must, with instructions for employees to change all passwords regardless of if their email has been breached – better to stay one step ahead. It would also be prudent to make the most of solutions such as Microsoft Azure Authentication to secure your workplace.

Just the Beginning

Unfortunately, the data breaches which came together to make Collection #1 possible continue to occur on a regular basis. That makes them an ongoing challenge, but not one which should impact your daily life with undue stress.

Simply stay secure and vigilant, consider signing up for updates from Troy Hunt, and don’t share your password with anybody. For businesses, you’ll need to take extra steps and bring in new security measures, but with the right help, it’s easily achievable.

Looking to implement MFA in your business? Our experts can help. Simply get in touch to find out more.

A few people we've already done it for