Authlogics reveals that the recent Collection#1 password breach is just the tip of a 7.7 billion record iceberg

Yesterday was another big news day for the password security world as yet another sizable dump of username and passwords has been found on the web. Troy Hunt provides a well thought through post where he talks about his findings from the dump dubbed “Collection #1” containing as many as 773 million emails and password records, but, Authlogics can report that Collection #1 appears to be just the tip of the iceberg.

The data breach analysts at Authlogics have so far discovered dumps for subsequent collections numbering #2, #3, #4 and #5. To put it into perspective, Collection #1’s 773 million records add up to a relatively small 87Gb, whereas Collection #2 through #5 total over 784Gb – nine times more data! Some very basic arithmetic tells you that there could be about 7.7 billion records in total, although the end result will probably be significantly smaller once duplicates and other irrelevant data is removed. However, it is highly likely that there will be many more leaked credentials than the 773 million records currently being talked about.
Authlogics are in possession of all five Collection breaches which are already being processed and uploaded into its Password Breach Database. This is a technical and time-consuming process due to the sheer volume of data, approximately 871Gb worth, and the various formats that the data is in. Once Authlogics has completed processing the dumps, analyses of the data will be made available.

CEO of Authlogics, Steven Hope, states: “As shocking as all this news may sound, these types of dumps are far more regular than most people would think. However, many so-called “new” dumps often contain old data seen in previous breaches so even though the numbers sound scary often the volume of actual new data is significantly lower. “New” is also a matter of perspective as it depends on the age of the other data you are comparing it to, however, we will know more about these new Collection dumps in due course.”
Hope adds: “We are often asked if we can tell when a particular password was breached but unfortunately it isn’t that easy as the hackers that originally get the data don’t exactly keep accurate records of what and when they did, and they certainly don’t provide the data in a nicely organised Excel spreadsheet; so the best white hats can do it base the timing on when a breach was disclosed or when the data was found online. We store as much information as possible about breach sources and also track duplicate additions so we can quickly see statistics and trends.”
The Authlogics Password Breach Database is currently used to power the Active Directory passwords audit service and provide real-time password breach protection to Active Directory via the Authlogics Password Policy Agent. Contact Authlogics for further information.

UPDATE 21 Jan 2019: Authlogics is also in possession of two further breach collections dubbed “ANTIUBLIC #1” and “AP MYR & ZABUGOR #2” which are circulating along with “Collection #1 to #5”. The former is a duplicate of a dump we received in Mid 2018 and it is already in our breach database. The latter is a relatively small 20Gb and upon initial inspection mostly seems to mostly contain Russian based data.