Authlogics Authlogics
  • Solutions
    • Password Security Auditing
    • Password Policy Compliance
    • Password Breach Database
    • Deviceless OTP
    • Single Sign-On
    • Cloud Protection
      • Amazon Web Services
      • Azure and Office 365
    • Helpdesks
    • Retail Banking
    • Transaction Verification
  • Products
    • Password Security Management
    • Multi-Factor Authentication
      • Authenticator Mobile App
      • PINgrid
      • PINphrase
      • PINpass
      • Yubikey
    • System Agents
      • ADFS Agent
      • Domain Controller Agent
      • Exchange Agent
      • Remote Desktop Agent
      • Windows Desktop Logon Agent
  • Resources
    • Demonstration
    • Whitepapers
    • Datasheets
    • Case Studies
    • Use Cases
    • Pricing
    • Blog
    • UK Government: G-Cloud
  • Partners
    • Find a Reseller
    • Find a Distributor
    • Technology Partners
    • Become a partner
    • Password Security Portal
  • Company
    • Contact Us
    • Intellectual Property
    • About Us
  • Support
    • Downloads
    • Documentation
    • Knowledge Base
    • Community
    • Log a call
Authlogics Authlogics
  • Solutions
    • Password Security Auditing
    • Password Policy Compliance
    • Password Breach Database
    • Deviceless OTP
    • Single Sign-On
    • Cloud Protection
      • Amazon Web Services
      • Azure and Office 365
    • Helpdesks
    • Retail Banking
    • Transaction Verification
  • Products
    • Password Security Management
    • Multi-Factor Authentication
      • Authenticator Mobile App
      • PINgrid
      • PINphrase
      • PINpass
      • Yubikey
    • System Agents
      • ADFS Agent
      • Domain Controller Agent
      • Exchange Agent
      • Remote Desktop Agent
      • Windows Desktop Logon Agent
  • Resources
    • Demonstration
    • Whitepapers
    • Datasheets
    • Case Studies
    • Use Cases
    • Pricing
    • Blog
    • UK Government: G-Cloud
  • Partners
    • Find a Reseller
    • Find a Distributor
    • Technology Partners
    • Become a partner
    • Password Security Portal
  • Company
    • Contact Us
    • Intellectual Property
    • About Us
  • Support
    • Downloads
    • Documentation
    • Knowledge Base
    • Community
    • Log a call
Iceberg

Authlogics reveals that the recent Collection#1 password breach is just the tip of a 7.7 billion record iceberg

Steven Hopeon 18th January 2019

Yesterday was another big news day for the password security world as yet another sizable dump of username and passwords has been found on the web. Troy Hunt provides a well thought through post where he talks about his findings from the dump dubbed “Collection #1” containing as many as 773 million emails and password records, but, Authlogics can report that Collection #1 appears to be just the tip of the iceberg.

The data breach analysts at Authlogics have so far discovered dumps for subsequent collections numbering #2, #3, #4 and #5. To put it into perspective, Collection #1’s 773 million records add up to a relatively small 87Gb, whereas Collection #2 through #5 total over 784Gb – nine times more data! Some very basic arithmetic tells you that there could be about 7.7 billion records in total, although the end result will probably be significantly smaller once duplicates and other irrelevant data is removed. However, it is highly likely that there will be many more leaked credentials than the 773 million records currently being talked about.
Authlogics are in possession of all five Collection breaches which are already being processed and uploaded into its Password Breach Database. This is a technical and time-consuming process due to the sheer volume of data, approximately 871Gb worth, and the various formats that the data is in. Once Authlogics has completed processing the dumps, analyses of the data will be made available.

CEO of Authlogics, Steven Hope, states: “As shocking as all this news may sound, these types of dumps are far more regular than most people would think. However, many so-called “new” dumps often contain old data seen in previous breaches so even though the numbers sound scary often the volume of actual new data is significantly lower. “New” is also a matter of perspective as it depends on the age of the other data you are comparing it to, however, we will know more about these new Collection dumps in due course.”
Hope adds: “We are often asked if we can tell when a particular password was breached but unfortunately it isn’t that easy as the hackers that originally get the data don’t exactly keep accurate records of what and when they did, and they certainly don’t provide the data in a nicely organised Excel spreadsheet; so the best white hats can do it base the timing on when a breach was disclosed or when the data was found online. We store as much information as possible about breach sources and also track duplicate additions so we can quickly see statistics and trends.”
The Authlogics Password Breach Database is currently used to power the Active Directory passwords audit service and provide real-time password breach protection to Active Directory via the Authlogics Password Policy Agent. Contact Authlogics for further information.

UPDATE 21 Jan 2019: Authlogics is also in possession of two further breach collections dubbed “ANTIUBLIC #1” and “AP MYR & ZABUGOR #2” which are circulating along with “Collection #1 to #5”. The former is a duplicate of a dump we received in Mid 2018 and it is already in our breach database. The latter is a relatively small 20Gb and upon initial inspection mostly seems to mostly contain Russian based data.

in Business, Security

2 replies on “Authlogics reveals that the recent Collection#1 password breach is just the tip of a 7.7 billion record iceberg”

  • 'Collection #1' Breach Is Huge, But Should You Be Worried? - infolite.xyz | infolite.xyz
    19th January 2019 at 02:05
    reply to 'Collection

    […] firm Authlogics has also been examining the 1TB data dump. CEO Steven Hope told PCMag that some of the information inside does appear to be […]

  • ‘Collection #1’ Breach Is Huge, But Should You Be Worried? – Good news every day
    19th January 2019 at 13:08
    reply to ‘Collection

    […] firm Authlogics has also been examining the 1TB data dump. CEO Steven Hope told PCMag that some of the information inside does appear to be […]

Leave a Reply Cancel reply

  • Previous

    Have Passwords Finally Had their Day? Cisco Seems to Think So.

  • Next

    The real cost of a corporate data breach

Recent Posts

  • 3.2 billion credentials (emails and passwords) rinsed up, cleaned out and COMBed
  • PRESS RELEASE: Authlogics Partners with Westcoast to Deliver Passwordless Authentication Solutions in the UK, Ireland, and Europe
  • Reflection & Prediction
  • Analyzing the Cit0day breach
  • Read all about it – your ‘Audit’ here!

Recent Comments

  • Authlogic Password Security Management Offer with CyberWhite - CyberWhite on Multi-Factor Authentication
  • Authlogic Password Security Management Offer with CyberWhite - CyberWhite on Password Security Auditing
  • Authlogic Password Security Management Offer with CyberWhite - CyberWhite on Password Security Management
  • Weekly Update 216 | Spyware.ws on Corporate Password Security with Troy Hunt
  • Weekly Update 216 | AdwareSearch.com on Corporate Password Security with Troy Hunt

Archives

  • February 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • May 2020
  • April 2020
  • February 2020
  • January 2020
  • December 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • January 2019
  • September 2018
  • January 2018
  • October 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015

Categories

  • Authentication
  • Business
  • Compliance
  • Customer Experience
  • Data Breach
  • Download
  • Implementation
  • Management
  • Marketing
  • Multi Factor Authentication
  • Password
  • Password Replacement
  • PIN
  • Remote Working
  • Security
  • Strategy
  • Uncategorised

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Contact us

UK: +44 1344 568 900
US: +1 408 706 2866

sales@authlogics.com
info@authlogics.com

Visit us

Access Office Suites, Willoughby Road,
Bracknell, Berkshire, RG12 8FP, UK

Map it »

1551 McCarthy Blvd, Suite 215,
Milpitas, CA, 95035, US

Map it »

Follow on

Legal information

Privacy Policy
© Authlogics Ltd. All Rights Reserved.