Skip to Main Content

Collection #1: 1,160,253,228 unique email and password combinations found on Mega

We’ve had all kind of big data breaches the last year. Some of them were so huge, you’d really just been wondering how something like that could have happened. Quora, Marriot, Equifax – these are just a few of the biggest breaches that come to mind and which you might remember.

Now a new monumental data collection has surfaced: Almost 773 million unique email addresses and around 22 million unique passwords were found on MEGA, the well-known cloud service.

What happened?

According to Troy Hunt the data dump which he dubbed Collection #1 contains more than 87GB of data spread over 12,000 separate files. As you can imagine it does not contain the information of just one breach, but compiles a whole lot of them – virtually thousands of sources.

In his blog Hunt says that the set of email addresses and passwords totals 2,692,818,238 rows, includes 1,160,253,228 unique combinations of email addresses and passwords and that they seem to be legit: He was able to find his own personal data in there and it’s accurate.

Was my account in the mix?

The numbers above are huge and chances that at least one of your accounts was affected as well are pretty big. To find out if that’s really the case you can do the following:

  • Visit the
  • Enter your email-address
  • Click on “pwned?”

If you see the message “Oh no — pwned!” chances are, that Collection #1 was amongst them.

Change your passwords – NOW!

Your password was in a recent (or not so recent) data breach? Then you should change it immediately by following the below security tips:

  • Use a unique password for each of your accounts. When a website gets hacked one of the first things bad guys do is checking out if your username/email address/password combination works on other (high-profile) pages.
  • Your password should consist of at least twelve characters – the more the better. It should include upper- and lower-cases, numbers, and special characters.
  • Try and create passwords that can’t be found in a dictionary. Hackers nowadays have programs that cycle through dictionaries to check if they can access your account.
  • Don’t use character strings like 12345, abcde, qweertyui, etc.
  • Use passwords that can’t be associated with you: Your dog’s name, birthday dates of family members or yourself or your favorite sport are a not a good idea.
  • Change your password regularly – especially when it comes to your email and online banking/online payment accounts.
  • Don’t write down your passwords and never ever share them.

If you have trouble coming up with a good, strong, and complex enough password you can always use a good Password Manager to help you out.

EMEA & APAC Content Manager @ Norton & Avira | Gamer. Geek. Tech addict.