What you need to know about the 770-million account breach

Jan 18, 2019 · 2 min read

Everybody’s talking about Collection 1, the breach of 770 million people’s login information discovered by cybersecurity researcher Troy Hunt. Find out whether you should be worried about the breach and what you can do to protect yourself.

The facts

  • The “breach” is really an aggregation of other breaches compiled over time, many of which were already publicized separately (hence the name "Collection 1"). This is simply the first time that such a huge set of compromised data was found being sold all in one place (check out the biggest breaches of 2018 here).
  • However, the collection contains roughly 140,000,000 email addresses that Hunt and his team at Haveibeenpwned.com have never seen before (read his report here). It is possible that this data has been bouncing around the dark web for some time as the product of other smaller breaches.
  • The scope of the data is really far more shocking than "just" 770 million people’s data, which is already a staggering number. According to Hunt, it includes “1,160,253,228 unique combinations of email addresses and passwords” and “21,222,975 unique passwords.”

Are you vulnerable?

Troy Hunt runs an excellent online tool called HaveIBeenPwned.com. On his website, you can enter your email address or your password to see if it’s contained in any one of the many breach lists their team has collected. We suggest checking to see if your password or email has been compromised. People generally trust the team behind the website, but it’s always a good idea to take a few safety precautions.

To stay safe while using HaveIBeenPwned.com:

  • Use incognito mode, a secure browser, a security extension, or all 3. These tools will help make it harder to track you across multiple visits to HaveIBeenPwned.
  • Use a VPN. A VPN will hide your IP address and change your apparent location, making it hard for the site to track you.

These tools will help ensure that if you enter multiple passwords and email addresses, it will be very difficult to track and identify you. Whether or not you trust the team at HaveIBeenPwned, no site is impossible to hack. Their mission is to make one of the hacking world’s favorite tools useless, so they probably aren’t well-liked by criminal hackers. As such, users of the website could potentially be targeted and tracked as part of a malicious attack on the site. Err on the side of caution.
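A password can also be checked without typing it into any web page. The sketch below is an added example, not code from this article or from HaveIBeenPwned: it hashes the password locally with SHA-1 and sends only the first five hex characters to the Pwned Passwords range endpoint, then compares the returned suffixes on your own machine. `fetch_constructed`, its response body and its counts are constructed so the example runs offline; `fetch_live` performs the real lookup and needs network access.

```python
import hashlib
import urllib.request

def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_body(body):
    """Parse 'SUFFIX:COUNT' lines from a range response into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.strip().isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """How often the password appears in the list; only the prefix is sent."""
    prefix, suffix = split_hash(password)
    return parse_range_body(fetch_range(prefix)).get(suffix, 0)

def fetch_live(prefix):
    """Real lookup (needs network): the request carries 5 hex characters only."""
    url = "https://api.pwnedpasswords.com/range/" + prefix
    req = urllib.request.Request(url, headers={"User-Agent": "range-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

SENT = []  # everything the offline stand-in "server" gets to see

def fetch_constructed(prefix):
    """Offline stand-in for the service; body and counts are constructed."""
    SENT.append(prefix)
    return "\r\n".join([
        "0" * 35 + ":2",                      # constructed decoy entry
        split_hash("password")[1] + ":1234",  # constructed count
        "F" * 35 + ":17",                     # constructed decoy entry
    ])

if __name__ == "__main__":
    print(breach_count("password", fetch_constructed))
    print(breach_count("a long unique passphrase", fetch_constructed))
    print(SENT)  # only 5-character prefixes, never the password or full hash
```

Pass `fetch_live` instead of `fetch_constructed` to query the real service; a result of 0 means the password was not found in the list, not that it is strong.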

What to do if you’ve been compromised

No worries – the team at HaveIBeenPwned offer excellent advice for what to do if you’re on the list. Read every suggestion they provide if you discover that you've been compromised. Step 1 is to change your password for any email addresses that have been compromised, or to change your passwords for any of your accounts that used a password on their lists.

The next steps will depend on the type of account that was compromised. If it’s your bank account, call your bank and ask them what they can do to keep your money safe. If it’s your email, check your history for strange messages that may have been part of a scam attack.


Daniel Markuson

Daniel is a digital privacy enthusiast and an internet security expert. As the blog editor at NordVPN, Daniel is generous with spreading news, stories, and tips through the power of a well-written word.