My data was leaked in Collection #1. What should I do?

[harlan4096]

Today privacy and security expert Troy Hunt published a blogpost regarding the so called Collection #1 — a large database containing more than 700 million unique e-mail addresses and more than 1,1 billion unique login-password pairs that surfaced on the Internet recently. Here we explain how to check if that affects you, and what can you do about it.


Leaks and breaches happen — quite often, and sometimes those are big leaks and breaches. Malefactors collect the leaked information, creating databases with logins and passwords. Some of them try to add information from every leak to these databases, and that effort results in the creation of gigantic databases such as the one dubbed Collection #1, which has been analyzed by Troy Hunt.


That is not just one monster leak (like the one that happened to Yahoo! with billions of users’ credentials stolen) this is instead, a collection that compiles information from more than 2000 different leaks, some of them dating back to as far as 2008, while some are more recent.
Surprisingly, Collection #1 does not seem to include logins and passwords from well-known leaks such as LinkedIn leak that happened back in 2012 and both Yahoo breaches (here’s our post about Yahoo breach #1, here’s another about breach #2).

How to find out if I am affected by Collection #1?

To know if any of your credentials are on the database you can use haveibeenpwned.com. Type-in the e-mail address that your accounts are associated with — and you will be able to see if that address was included in any of the leaked databases that haveibeenpwned.com is aware of.

If your e-mail was a part of the Collection #1 — there will be an entry about that in haveibeenpwned. If it’s not there — you’re lucky, and there’s nothing you need to do about this situation. But if it is there, that’s where the tricky part begins.

Full reading: https://www.kaspersky.com/blog/collectio...one/25403/