Millions of access data published – what to do?

Threat Alert

Millions of stolen passwords and e-mail addresses circulate as a data set in Internet forums. We give tips on how you can protect your access data even better.

What happened?

21,222,975 passwords. 772,904,991 email addresses. This user information was stolen at some point, compiled and posted on Internet forums as a data set called “Collection #1,” as IT security expert Troy Hunt reports on his blog. The number of published e-mail addresses is thus almost twice the population of South America.

Hunt has processed the data and suspects that it was intended for so-called “credential stuffing.” This is the automated use of revealed username and password combinations to illegally gain access to user accounts and possibly take them over completely.