LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is Collection #1, and why is it relevant to password cracking?

Collection #1 is a 2019 mega-dump of 773 million email/password pairs aggregated from thousands of breaches — it's now a standard wordlist for credential stuffing.

The leak:

  • Released January 2019 on hacking forums
  • ~87 GB of data, 12,000+ separate breach files merged
  • 773 million unique emails
  • 21 million unique plaintext passwords

What makes it special:

  • Many passwords were cracked before publication — published as plaintext, not hashes
  • Aggregates breaches over years — your 2014 forum password is in there if it was reused
  • Followed by Collection #2-5 (~2.2 billion total credentials)

How attackers use it:

  1. Credential stuffing — feed the email/password pairs into login forms on every major service (banks, email, gaming, e-commerce)
  2. Wordlist for new attacks — feed the 21M unique passwords into Hashcat to crack new breaches
  3. Phishing target lists — emails are sorted, valid → spear-phish at scale

Why it's still dangerous in 2026:

  • People rarely change passwords proactively
  • Many sites still don't enforce breach checks
  • Even if YOU rotated, your old password reveals patterns ("Spring2018!" → likely "Winter2024!" now)

Self-defense:

  • Check yourself: https://haveibeenpwned.com/ (HIBP)
  • Use a password manager → unique password per site means breaches stay isolated
  • Sign up for breach notifications

The bigger picture:

The Cambridge Cybercrime Centre estimates that aggregated leaked credentials power billions of credential stuffing attempts daily. It's the most common form of attack on online services.

Wikipedia: https://en.wikipedia.org/wiki/Collection_No._1.

Go deeper:

From Quiz: INTROL / Password Cracking | Updated: Jul 05, 2026