Earlier this month we saw what was considered to be the largest ever dump of stolen internet accounts with 773 million email addresses and 21 million passwords. The dump of compromised accounts was called “Collection #1”. Now, Collections #2-5 have been dumped and the numbers are staggering: 845GB of stolen data that includes 25 billion total records and 2.2 billion unique usernames and passwords.
As reported by Wired, Collections #2-5 more than double the number of comprised accounts that have surfaced from Collection #1. Security researchers have concluded that 25 billion stolen records with 2.2 billion unique usernames and passwords are the numbers after accounting for duplicates found in Collections #2-5, creating a new record for the biggest data breach collection.
Unfortunately, this massive collection of data has been making the rounds on the black market and Rouland says that the collection has been downloaded over 1,000 times on torrent sites already.
Notably, much of the stolen information stems from prior breaches of Yahoo, LinkedIn, and Dropbox, but has just now surfaced with these massive dumps.
You can check if any of your accounts have been compromised as a part of Collection #1 at Have I Been Pwned. Wired notes that Have I been Pwned hasn’t been updated with Collections #2-5 yet, but the Hasso-Plattner Institute’s tool has been.
Remember to always use 2FA when possible, use strong, unique passwords for each account you own, and make use of a password manager to help keep track of everything.