The largest dump in history: 2.7 billion accounts, of which 773 million are unique



    Well-known security specialist Troy Hunt has for several years maintained Have I Been Pwned (HIBP), a site holding millions of records of stolen accounts. Anyone can check their email address for leaks. Hunt monitors hacker forums and buys databases that are put up for sale; sometimes these databases are sent to him for free. But he had never seen a database as huge as the current Collection #1 put up for sale.

    The giant archive contains 2,692,818,238 entries with email addresses and passwords.

    Hunt obtained the database and analysed it, although its huge size caused certain technical difficulties because it exceeded a 32-bit value.



    Troy says he downloaded the archive from the Mega file hosting service. Several informants promptly sent him a link to the file, but it was soon removed from the hosting service. The archive turned out to consist of more than 12,000 individual files with a total size of more than 87 GB. The link was published on one of the hacker forums along with screenshots confirming the contents of the archive. Here is the complete list of files.

    In the screenshot you can see that the root folder is called Collection #1. The file list gives some idea of the sources of the information (itotal.ru, ineedtutor.ru, Kazachok.com and so on).

    The forum post mentioned “a collection of more than 2,000 dehashed databases and topic combinations” and a list of 2,890 files in the archive.

    It is too early to say how reliable the information in the new database is. However, Troy Hunt found in it his own email address and a password that he used many years ago. “Fortunately,” he says, “these passwords are no longer used, but I still feel anxious when I see them again. As a result of the leakage, password hashes were copied several years ago, but this database contains dehashed passwords that have been cracked and converted back to plain text.”

    The database is made up of many different individual leaks, literally from thousands of sources. It contains 1,160,253,228 unique combinations of email addresses and passwords, counted with passwords treated as case-sensitive and email addresses as case-insensitive. Troy Hunt notes that this volume includes a certain amount of garbage, because hackers do not always format their dumps neatly for convenient processing (a mix of different delimiters, including colons and semicolons, as well as a mix of different file types, such as delimited text files, files containing SQL statements and other compressed archives).

    There are 772,904,991 new email addresses in the database. All the data has already been uploaded to the site and is available for search. This is the largest update in the history of HIBP.

    21,222,975 unique passwords (i.e. combinations of email and passwords) were also found. As with the email addresses, this figure was obtained after applying a set of rules to clear the database of duplicates as far as possible, including deleting passwords in hashed form, ignoring strings with control characters and fragments of SQL statements, and so on. After the new data was added, the total number of unique records in the database grew to 551,509,767.

    Troy Hunt admits that after processing this database on a cloud hosting service, he will have an unpleasant conversation with his wife on a financial issue.


    You can check your email address directly on the website, as well as through the API or the Firefox Monitor service. This tool computes a SHA-1 hash of the email address entered in the form and queries the HIBP database using only the first six characters of the hash. For example, test@example.com turns into 567159D622FFBB50B11B0EFD307BE358624A26EE, and only 567159 is used from it. In response, the leak aggregator “returns” possible matches, if any, so the email address itself is never transmitted in clear form. Firefox Monitor then searches for the full hash among them. If a match is found, the user is told which data leaks have affected their data and is strongly advised to change the passwords.
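
    The prefix lookup described above, as an added example that is not Firefox Monitor's or HIBP's own code. `RangeService` is a hypothetical in-memory stand-in for the aggregator, the breach names and the second address are constructed sample data, and lowercasing the address before hashing is an assumption.

```python
import hashlib

PREFIX_LEN = 6  # per the article, only the first six hex characters are sent


def email_sha1(email: str) -> str:
    """Uppercase hex SHA-1 of the address (trim + lowercase is an assumption)."""
    return hashlib.sha1(email.strip().lower().encode("utf-8")).hexdigest().upper()


class RangeService:
    """Hypothetical stand-in for the leak aggregator; it only ever sees prefixes."""

    def __init__(self, breached):
        # breached: {email: [breach names]} -- constructed sample data
        self._index = {}
        for email, breaches in breached.items():
            digest = email_sha1(email)
            bucket = self._index.setdefault(digest[:PREFIX_LEN], {})
            bucket[digest[PREFIX_LEN:]] = breaches
        self.seen_queries = []  # everything the client disclosed to the service

    def range_query(self, prefix: str):
        self.seen_queries.append(prefix)
        # Every suffix sharing the prefix is returned, whether or not it is ours.
        return dict(self._index.get(prefix, {}))


def check_email(email: str, service: RangeService):
    """Return the breach list for `email`, or [] if its full hash is absent."""
    digest = email_sha1(email)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    bucket = service.range_query(prefix)  # only the prefix leaves the client
    return bucket.get(suffix, [])         # full-hash comparison stays local


# Constructed sample data; the breach names are placeholders.
SERVICE = RangeService({
    "test@example.com": ["ExampleBreachA", "ExampleBreachB"],
    "alice@example.org": ["ExampleBreachC"],
})

if __name__ == "__main__":
    for addr in ("test@example.com", "nobody@example.net"):
        print(addr, email_sha1(addr)[:PREFIX_LEN], check_email(addr, SERVICE))
    print("service saw only:", SERVICE.seen_queries)
```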
