Breach, Content

Collection #1 Data Breach: Nearly 773 Million Email Addresses Exposed

Nearly 773 million unique email addresses and 22 million unique passwords were exposed during the "Collection #1" data breach identified by security researcher Troy Hunt.

To better understand the Collection #1 data breach, let's examine four key questions surrounding the incident.

1. How Did the Collection #1 Data Breach Happen?

Collection #1 refers to email addresses and passwords from over 2,000 leaked databases across multiple sources, Hunt stated. These email addresses and passwords were included in over 12,000 files in a publicly accessible folder stored on the MEGA cloud storage service.

2. How Can I Find Out if I Have Been Affected by the Collection #1 Data Breach?

MEGA has removed Collection #1 data from its service. However, individuals can use Have I Been Pwned, a free data breach notification service, to find out if their email address or password was exposed during the Collection #1 data breach.

3. Is Collection #1 the Largest Data Breach to Date?

Collection #1 is a "record" data breach, Hunt stated. Yet the 2013 Yahoo data breach still ranks as the biggest data breach to date; approximately 3 billion Yahoo users were affected by the incident.

4. What Can MSSPs Learn from the Collection #1 Data Breach?

The Collection #1 data breach highlights the importance of securing sensitive information. Meanwhile, there are many security technologies that MSSPs can offer to safeguard customer email addresses and passwords against data breaches.

Jacob Serpa, product marketing manager at cloud access security broker (CASB) Bitglass, indicated that the following technologies can help MSSPs protect customer data:

  • Data Loss Prevention (DLP): Identifies potential data breaches and safeguards sensitive information while in-use, in-motion and at-rest.
  • Encryption: Converts data into an encoded format so it can only be accessed by authorized users.
  • Multi-Factor Authentication (MFA): Requires a user to provide two or more pieces of evidence to gain access to data or systems.
  • User and Entity Behavior Analytics (UEBA): Leverages machine learning and algorithms to monitor users and other entities and identify anomalies that indicate a threat may be present.

In addition, MSSPs can help organizations implement security solutions that scan and monitor data assets and third-party systems, Ruchika Mishra, director of products and solutions at vulnerability assessment and management provider Balbix, told MSSP Alert. These solutions can help organizations identify and address security vulnerabilities before they lead to data breaches.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.