Best Top Reviews Online

Hackers Are Passing Around a Megaleak of 2.2 Billion Records

The so-called Collections #1–5 are a monstrous Frankenstein’s monster of rotting personal data.

When hackers breached Dropbox and LinkedIn in recent years, they stole 71 million and 117 million passwords, respectively, and at least had the decency to use them in secret or sell them on the dark web for thousands of dollars. Now it appears that someone has compiled these breached databases and many others into a massive, unprecedented collection of 2.2 billion unique usernames and associated passwords and is freely distributing it on hacker forums and torrents, handing out the private information of a significant portion of humanity as if it were last year’s phone directory.

Earlier this month, security researcher Troy Hunt identified the first tranche of this mega-dump, dubbed Collection #1 by its anonymous creator, as a collection of breached databases containing 773 million unique usernames and passwords. Now, additional researchers have obtained and analyzed Collections #2–5, which comprise 845 gigabytes of stolen data and 25 billion records in total. After accounting for duplicates, analysts at the Hasso Plattner Institute in Potsdam, Germany, determined that the total haul is nearly three times the quantity found in Collection #1.

Chris Rouland, a cybersecurity researcher and founder of the IoT security firm Phosphorus.io, who in recent days extracted Collections #1–5 from torrented files, remarked, “This is the largest collection of breaches we’ve ever seen.” According to him, the collection has already been widely distributed within the hacker underground. The tracker file he downloaded was being “seeded” by over 130 individuals who possessed the data dump, and it had already been downloaded over 1,000 times. It is an unprecedented amount of information and credentials that will eventually enter the public domain, according to Rouland.

Size Over Substance

Despite its unfathomable size, which was first reported by the German news site Heise.de, the majority of the stolen data appears to have originated from previous thefts, such as the Yahoo, LinkedIn, and Dropbox breaches. WIRED examined a sample of the data and confirmed that the credentials are valid, but represent primarily passwords from years-old data breaches.

Even if not for its quality, the leak remains significant for the sheer quantity of privacy violations it represents. WIRED asked Rouland to search for more than a dozen people’s email addresses; all but two returned at least one password for an online service that had been compromised within the past few years.

Regarding the Internet as a whole, this is still extremely influential – Chris Rouland

As another indication of the significance of the data, researchers from the Hasso Plattner Institute discovered that 750 million of the credentials were not previously included in their database of leaked usernames and passwords, Info Leak Checker, and that 611 million of the credentials in Collections #2–5 were not present in Collection #1. David Jaeger, a researcher at the Hasso Plattner Institute, hypothesizes that a portion of the collection may have originated from the automated hacking of smaller, obscure websites to steal their password databases, meaning that a significant portion of the passwords is being disclosed for the first time.

Credential stuffing is a technique used by unskilled hackers to try previously leaked usernames and passwords on any public website in the hope that users have reused passwords. The sheer size of the collection makes it a powerful tool for unskilled hackers. Rouland states, “For the Internet as a whole, this is still very significant.”

Rouland mentions that he is in the process of contacting affected businesses and will share the information with any chief information security officer who contacts him to protect staff or users.

Using the tool provided by the Hasso Plattner Institute, you can check for your username in the breach and should change the passwords for any breached sites for which you haven’t already done so. Always avoid password reuse, and use a password manager. (As of this writing, Troy Hunt’s service HaveIBeenPwned offers an additional helpful check to determine whether your passwords have been compromised; however, it does not yet include Collections #2-5.)

Bargain Bin

Rouland hypothesizes that the data may have been compiled from older breaches and offered for sale, but then stolen or purchased by a hacker who, possibly to devalue an adversary’s product, leaked it more broadly. Rouland notes that the torrent tracker file he used to download the collection contained a “readme” that asked downloaders to “please seed for as long as possible.” He states, “Someone wants this to be publicized.” (The “readme” also indicated that an additional dump of data missing from the current torrent collection could be forthcoming.)

Other researchers, however, believe that the free distribution of such a massive database indicates something else: that the hacker underground has accumulated so many old mega breaches of personal information over the years that they can comprise a massive amount of personal information that is practically worthless.

The collections were analyzed by David Jaeger, a researcher at the Hasso Plattner Institute. “Probably the skilled hackers, the guys interested in making money from this, have had it for years,” he said. “After a while, when they’ve tried all of these on the major services and it’s no longer practical to keep them, they sell them for a small amount of money.”

Below a certain price, Jaeger explains, hackers frequently trade the information for other data, spreading it further and devaluing it to the point where it is practically free. However, it could still be used for hacking on a smaller scale, such as breaking into social media accounts or lesser-known websites. Jaeger adds, “It may be useless to the original creators of these data dumps, but random hackers can still use it for a variety of services.”

After publishing Collection #1 earlier this month, Hunt was surprised to receive offers from multiple individuals to send him links to Collections #2-5. “What makes this unprecedented is the volume of data and the extent to which it is circulating through large public channels,” says Hunt. “It is not the largest hack in history, but it is circulating with an unprecedented speed.”

In this regard, Collections #1 through #5 represent a new kind of milestone: the fact that the rotting detritus of the internet’s privacy breaches has become so numerous and devalued that it has become virtually free and therefore public, thereby degrading any remaining private information it may have contained. “When enough individuals possess confidential information, someone will disclose it,” says Rouland. “This is entropy. Once the data is released, it will leak.”

Why Trust Us?

Best Top Reviews Online was established in 2018 to provide our readers with detailed, truthful, and impartial advice on what to buy. We now have millions of monthly users from all over the world and annually evaluate over a thousand products.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

© 2022 BestTopReviewsOnline.com Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of BestTopReviewsOnline.com.