{"id":12665,"date":"2019-01-17T10:23:37","date_gmt":"2019-01-17T15:23:37","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/collection-numba-one\/12665\/"},"modified":"2019-11-15T15:22:36","modified_gmt":"2019-11-15T11:22:36","slug":"collection-numba-one","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/collection-numba-one\/12665\/","title":{"rendered":"My data was leaked in Collection #1. What should I do?"},"content":{"rendered":"

Today privacy and security expert Troy Hunt published a blogpost<\/a> regarding the so called Collection #1 \u2014 a large database containing more than 700 million unique e-mail addresses and more than 1,1 billion unique login-password pairs that surfaced on the Internet recently. Here we explain how to check if that affects you, and what can you do about it.<\/p>\n

Leaks and breaches happen \u2014 quite often, and sometimes those are big leaks and breaches. Malefactors collect the leaked information, creating databases with logins and passwords. Some of them try to add information from every leak to these databases, and that effort results in the creation of gigantic databases such as the one dubbed Collection #1, which has been analyzed by Troy Hunt.<\/p>\n

That is not just one monster leak (like the one that happened to Yahoo! with billions of users\u2019 credentials stolen) this is instead, a collection that compiles information from more than 2000 different leaks, some of them dating back to as far as 2008, while some are more recent.<\/p>\n

Surprisingly, Collection #1 does not seem to include logins and passwords from well-known leaks such as LinkedIn leak that happened back in 2012<\/a> and both Yahoo breaches (here\u2019s our post about Yahoo breach #1<\/a>, here\u2019s another about breach #2<\/a>).<\/p>\n

How to find out if I am affected by Collection #1?<\/h3>\n

To know if any of your credentials are on the database you can use haveibeenpwned.com<\/a>. Type-in the e-mail address that your accounts are associated with \u2014 and you will be able to see if that address was included in any of the leaked databases that haveibeenpwned.com is aware of.<\/p>\n

If your e-mail was a part of the Collection #1 \u2014 there will be an entry about that in haveibeenpwned. If it\u2019s not there \u2014 you\u2019re lucky, and there\u2019s nothing you need to do about this situation. But if it is there, that\u2019s where the tricky part begins.<\/p>\n

What should I do about my account being mentioned in Collection #1 database?<\/h3>\n

If your e-mail is there, it\u2019s certainly a signal that you have to do something. However, the service won\u2019t tell you which of your accounts tied to this e-mail was breached. Was it an account on a cryptocurrency forum, or an online library account, or a cat-lovers-community account? With that said, there are two options now, depending on what whether you have been using a single password on multiple services<\/a> or not.<\/p>\n

Option 1: you were using one password for multiple accounts associated with this e-mail address. Then life\u2019s going to be hard, because to ensure safety you\u2019ll have to go through all of these accounts and change passwords for each and every one. Don\u2019t forget that those passwords have to be long and unique. I think that, since you\u2019re used to remembering just one password, trying to memorize a bunch of new ones would be next to impossible, so it\u2019s probably a good idea to use a password manager.<\/p>\n\n

Option 2: you were using unique passwords for accounts associated with this e-mail address. Good news, it\u2019s going to be somewhat easier then. Of course, you can also change all your passwords \u2014 but there\u2019s no need to do that. You can also try to find which of your passwords was exposed using another feature of haveibeenpwned called Pwned Passwords<\/a>.<\/p>\n

There you can type in a password for one of your accounts and see if it was mentioned in the Collection #1 database \u2014 either in plain text or as a hash<\/a>. If you see that this or that password has surfaced on haveibeenpwned at least once, you\u2019d better change it. If not, then it\u2019s safe. Then proceed to another password.<\/p>\n

Of course, doing that means trusting haveibeenpwned, and most people have absolutely no reason to do that. That\u2019s why you can also paste there a SHA-1 hash of your password \u2014 and that\u2019ll give you the very same result as pasting the password itself. There are several online resources that make SHA-1 hashes for whatever information you feed to them (here, I googled them for you<\/a>). That way you do not expose your password to haveibeenpwned, so there\u2019re no additional reasons to feel paranoid.<\/p>\n

General advice on how to stay safe and mostly unaffected by data breaches<\/h3>\n

We have seen numerous leaks over the past few years, and it\u2019s safe to assume that a lot more are going to happen in the future. That\u2019s why new large databases such as Collection #1 will keep appearing from time to time, and malefactors will gladly use them to try breaking into people\u2019s accounts. To minimize the chances of being impacted by such breaches, I recommend you do the following:<\/p>\n