Earlier today, security researcher Troy Hunt announced the Collection #1 data breach and updated Have I Been Pwned with over 773 million new compromised logins. These are now available in Watchtower, so you can check if you've been affected by the breach right from 1Password.
What is the Collection #1 data breach?
Collection #1 consists of over 1 billion username and password combinations, taken from individual data breaches on thousands of different websites. The data has been circulating on the dark web and hacker forums and is the single largest breach to ever be added to Have I Been Pwned and Watchtower.
Collection #1 contains:
- 1,160,253,228 unique combinations of email address and password
- 773,138,449 unique email addresses
- 21,222,975 unique passwords
Around 140 million email addresses in this breach had never appeared in Have I Been Pwned before.
What do attackers want with this data?
Attackers use bots to try passwords stolen from breaches on many other websites with the aim of gaining access to those accounts. This is known as credential stuffing and is why password reuse is such a security risk. When one account is breached, hackers have access to any other account that uses the same email address and password combination.
1Password's integration with Have I Been Pwned makes it simple for people to check to see if they are at risk. — Jeff Shiner, CEO
What should I do now?
To see if you’ve been affected by the Collection #1 data breach, sign in to your account on 1Password.com, select your vault, and click Watchtower in the sidebar.
Watchtower automatically checks the logins you store in 1Password and tells you which passwords have been compromised, which have been used elsewhere, and which aren’t very strong.
If you're affected by this breach, change your password on any affected site to something strong and unique.