Data dump of 2.7bn records puts Collection #1 in the shade

News by Tom Reeve

New data dump contains 3.5 times as much data as Collection #1 and has been accessed thousands of times already.

Billions of records dumped like yesterday's rubbish

The online data dump known as Collection #1, thought to be the largest ever seen, has been surpassed by a new data dump which is being called Collection #2-5 and contains 3½ times as much data.

While Collection #1 contained 772,904,991 email addresses, this new data dump puts that in the shade with 2,692,818,238 records spread across some 12,000 files.

Reported first by German security website Heise, the data dump is more than 600 GB in size.

Heise said that the data is composed mainly of old leaks, but it warns that it might prompt some cyber-criminals to have another go at exploiting the data.

While they were initially traded in darker corners of the web, the files are now hosted on the Mega file-sharing service.

A service allowing anyone to check if their data is included in Collection #2-5 is available Info Leak Checker run by the Hasso Plattner Institute.

According to, more than 130 people are making the data available and it has been downloaded more than 1,000 times already. 

Jake Moore, cyber security specialist at ESET UK, said, "This is a start of something far more significant than anything we have seen before. Hackers are becoming even more sophisticated, and hopefully, this is a massive wake-up call to anyone with an email address.

"The overarching statement here is that we need to adopt stronger layers of security, and this is the time to adopt a new way of managing passwords. Using your three rehashed passwords is no longer going to cut it."

Steven Murdoch, chief security architect at OneSpan’s Innovation Centre, said, "This password leak shows that large quantities of stolen passwords are readily available to anyone, regardless of how low their budget. However, data from recent breaches will be considerably more expensive to obtain.

"Companies should recognise the limitations of password authentication and are in the best position to mitigate the weaknesses. They should implement additional measures, such as detection of suspicious behaviour. Two-factor authentication, or even better, FIDO/U2F, should be offered to customers."

"As shocking as all this news may sound, these types of dumps are far more regular than most people would think. However, many so-called "new" dumps often contain old data seen in previous breaches so even though the numbers sound scary often the volume of actual new data is significantly lower," said Authlogics CEO Steven Hope.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews