Collection #1-5 Breach

​The Collection #1–5 data breaches, disclosed in early 2019, represent one of the most extensive compilations of compromised credentials ever uncovered. These datasets, totaling over 2.7 billion records, amalgamated email addresses and passwords from thousands of prior breaches, including those affecting major platforms like Yahoo, LinkedIn, and Dropbox. Initially discovered by security researcher Troy Hunt, Collection #1 alone comprised approximately 773 million unique email addresses and over 21 million unique passwords in plaintext, highlighting the vast scope of exposed personal information .​

Collection #1 surfaced on the cloud storage service MEGA and was later disseminated through various hacker forums. The dataset was not the result of a single breach but rather a curated compilation of data from over 2,000 sources, some previously known and others newly identified. The inclusion of plaintext passwords indicated that many of the original breaches had weak or nonexistent encryption, exacerbating the risk to affected individuals .​

Following the revelation of Collection #1, additional datasets labeled Collections #2 through #5 were identified. These subsequent compilations expanded the total volume of exposed data to approximately 845 gigabytes, encompassing over 25 billion records. Analyses by institutions such as the Hasso Plattner Institute revealed that Collections #2–5 contained around 2.2 billion unique email-password pairs, with approximately 611 million credentials not present in Collection #1, underscoring the breadth of the breach .​

The widespread availability of these collections, often distributed freely or at minimal cost on hacker forums and torrent sites, significantly lowered the barrier to entry for cybercriminals. This accessibility facilitated credential stuffing attacks, where malicious actors use automated tools to test stolen credentials across multiple platforms, exploiting users who reuse passwords. The scale and ease of access to these datasets marked a pivotal moment in cybersecurity, demonstrating how aggregated breaches can amplify threats

In response to these revelations, cybersecurity experts and organizations emphasized the importance of robust password hygiene. Recommendations included using unique, complex passwords for each account, employing password managers to securely store credentials, and enabling multi-factor authentication to add an extra layer of security. Tools like "Have I Been Pwned" became invaluable resources for individuals to check if their information had been compromised and take necessary actions to mitigate potential risks .​