Are You Affected by the Collection #1 Data Breach?

Are You Affected by the Collection #1 Data Breach?

Kevin R. Kraft, CISA, IT Director
Posted by Kevin R. Kraft, CISA, IT Director on Mar 13, 2019 2:00:00 PM

Info_SecurityIn what’s becoming an all-too-common occurrence, another large trove of personal information was released online in recent weeks. The group of files, known as ‘Collection #1’ was discovered by security researchers being shared on the public file sharing service, Mega. The collection included over 770 million unique email addresses and 21 million passwords after being cleaned-up by researcher Troy Hunt. Troy maintains a free online service which allows Internet users to search for their email addresses and passwords within various breach releases to see if they’ve been leaked. The service is called ‘Have I Been Pwned?” and Troy has been maintaining it for many years out of his own pocket and with some donations. You can find it here: https://haveibeenpwned.com

The usual advice for protecting yourself applies:

  • Never reuse passwords across multiple sites; it increases your exposure by orders of magnitude.
    Get a password manager. For personal accounts, Have I Been Pwned integrates directly into 1Password—automatically checking all of your passwords against its database. You can find it here: http://1password.com/
  • Enable app-based two-factor authentication on as many accounts as you can, so that a password isn’t your only line of defense. And if you do find your email address or one of your passwords in Have I Been Pwned, at least know that you’re in good company.

See these links for more information and resources:

https://www.wired.com/story/collection-one-breach-email-accounts-passwords/
https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/

Contact Kevin