Troy Hunt, who maintains the Have I Been Pwned? database, has a blog post on the latest data breach, dubbed “Collection #1”, which contains 773 million records. That makes it the largest breach after Yahoo’s two billion-level incidents.
Let’s start with the raw numbers because that’s the headline, then I’ll drill down into where it’s from and what it’s composed of. Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows. It’s made up of many different individual data breaches from literally thousands of different sources.
So, that’s a lot of passwords. It’s worth checking HIBP to see if your email or password has been compromised. (Users of 1Password’s most recent version can use the Watchtower feature, which is now integrated directly with HIBP.) But chances are at least some of your older accounts are in there, so it’s a great time to 1) update your old passwords; 2) start using a password manager if you’re not already; and 3) enable two-step/two-factor authentication wherever it’s available.