What you need to know about the 770-million account breach

The facts

• The “breach” is more like a collection of other breaches collected over time, many of which were already publicized separately (hence the name “Collection 1”). This is simply the first time that such a huge collection of compromised data was found being sold all in one place (check out the biggest breaches of 2018 here).
• However, the collection contains roughly 140,000,000 email addresses that Hunt and his team at Haveibeenpwned.com have never seen before (read his report here). It is possible that this data has been bouncing around the dark web for some time as the product of other smaller breaches.
• The scope of the data is really far more shocking than “just” 770 million people’s data, which is already a staggering number. According to Hunt, it includes “1,160,253,228 unique combinations of email addresses and passwords” and “21,222,975 unique passwords.”

What to do if you’ve been compromised

Step 1 is to change your password for any email addresses that have been compromised or to change your passwords for any of your accounts that used the password that has been compromised. You can use these tips to create a strong password or use this strong random password generator.

The next steps will depend on the type of account that was compromised. If it’s your bank account, call your bank and ask them what they can do to keep your money safe. If it’s your email, check your history for strange messages that may have been part of a scam attack.