Quiz Entry - updated: 2026.07.05
What is Collection #1, and why is it relevant to password cracking?
Collection #1 is a 2019 mega-dump of 773 million email/password pairs aggregated from thousands of breaches — it's now a standard wordlist for credential stuffing.
The leak:
- Released January 2019 on hacking forums
- ~87 GB of data, 12,000+ separate breach files merged
- 773 million unique emails
- 21 million unique plaintext passwords
What makes it special:
- Many passwords were cracked before publication — published as plaintext, not hashes
- Aggregates breaches over years — your 2014 forum password is in there if it was reused
- Followed by Collection #2-5 (~2.2 billion total credentials)
How attackers use it:
- Credential stuffing — feed the email/password pairs into login forms on every major service (banks, email, gaming, e-commerce)
- Wordlist for new attacks — feed the 21M unique passwords into Hashcat to crack new breaches
- Phishing target lists — emails are sorted, valid → spear-phish at scale
Why it's still dangerous in 2026:
- People rarely change passwords proactively
- Many sites still don't enforce breach checks
- Even if YOU rotated, your old password reveals patterns ("Spring2018!" → likely "Winter2024!" now)
Self-defense:
- Check yourself: https://haveibeenpwned.com/ (HIBP)
- Use a password manager → unique password per site means breaches stay isolated
- Sign up for breach notifications
The bigger picture:
The Cambridge Cybercrime Centre estimates that aggregated leaked credentials power billions of credential stuffing attempts daily. It's the most common form of attack on online services.
Wikipedia: https://en.wikipedia.org/wiki/Collection_No._1.
Go deeper:
Collection #1 (Wikipedia) — 773M emails / 21M plaintext passwords aggregated from 2000+ breaches.
Troy Hunt: Collection #1 Data Breach — first-hand HIBP writeup on its credential-stuffing significance.