Data Leak: Collection #2-5 Dump Leaks 2.2 Billion Usernames and Passwords

Less than a fortnight after the Collections #1 data leak with over 770 million email IDs and 22 million passwords, the Collections #2-5 data dump has made its way to the Interweb. Carrying an unimaginable 2.2 billion usernames and associated passwords, the new data dump is claimed to include 845GB of stolen data, including as many as 25 billion records, an online report revealed. The researcher notes that many of the leaked accounts are duplicates, as they come from different previous leaks, and even after weeding them out, the size of the latest dump is close to three times that of the Collections #1 dump.

First reported by the German-language website Heise.de, the new data dump is said to mostly include leaked accounts from previous breaches. However, a Wired report cited a Hasso Plattner Institute researcher, who noted that there was still a significant number of accounts and passwords being leaked for the first time. The exact source of the new data is unclear at the moment, and it is being speculated that the hackers may have targeted a number of smaller websites to grab their databases.

In addition to the fresh data, the reappearance of the data from previous leaks would certainly make millions of users around the world vulnerable, as people tend to re-use email accounts and passwords on multiple websites. While hackers tend to trade or sell data from breaches on the dark web or secret websites, the Collections dumps are being freely offered on torrent websites, as a Mega upload link, and on hacker forums. A researcher from security firm Phosphorus.io told Wired that a torrent file of the data that he downloaded had already been downloaded more than 1,000 times.

“It’s an unprecedented amount of information and credentials that will eventually get out into the public domain,” Chris Rouland from Phosphorus.io told the website.

How to check if your account details are present in the Collections #2-5

You can check if your username or password is present in the latest leak by going to the Hasso Plattner Institute’s website, which houses a nifty tool. After you enter your email address, the tool will search for your username in all of the leaked databases, including the Collections #2-5 dump, and send you an email with the results. Troy Hunt’s very popular HaveIBeenPwned hasn’t been updated with the data from the Collections #2-5 dump as of now; however, it does include details from the Collections #1 dump.