Why You Need to Check for Data Breaches Online

This article uses Collection 1 as an example to show why you can check for leaks of your private data online, and it helps you choose the correct method to discover personal information leakage.

 By Timing Good
Cybercriminals cause data breaches. Having stolen your data, they are not going to let you know. So, in general, people have no clue whether their personal information is safe unless the attacked organizations inform them.

However, a data breach is rarely detected quickly, and some organizations don't disclose a leak promptly for various reasons. For example, Facebook was fined heavily by the EU because it reported a personal data leakage two months later. Even if a data breach exposes your private data and the organization discloses the incident quickly, you may still miss the notification.

Is there a way to check for privacy leakage online? The answer is yes. After cybercriminals obtain private data, they sell it on the dark web, a sort of black market. That means the quick and reliable way to check whether your data has leaked is to search that black market for your personal information. Few ordinary people enter the dark web; its visitors are mainly cybercriminals. However, the traded data isn't confined to the dark web. From time to time, leaked private data also shows up on the open Internet, having been moved there from the dark web, and it becomes the basis for checking whether you were a victim of previous data breaches.

Here we take Collection 1 as an example to show that this approach works.

1. Collection 1: leaked data from the dark web
Whatever cybercriminals do, they do for money. They trade the stolen data on the dark web, which is hidden from ordinary people but can still be accessed by those who intend to reach it. Sooner or later, some stolen data moves to the open Internet for various reasons. This data makes it possible to research whether an individual's personal information, e.g., an email address, has leaked.

Stolen data sets from the dark web surface from time to time. One milestone deserves mention: Collection 1, reported in Jan 2019. Collection 1 was named after the root folder that was first spotted hosting the files.

Dubbed Collection 1, the most massive data dump in history holds the PII (Personally Identifiable Information) of more than 770 million people. Its folder contains more than 12,000 files and is as large as 87 gigabytes. These files were originally found on the cloud service MEGA and on a popular hacking forum as C0rpz, and have since been posted in other places.

Here are the exact numbers for the package:
  • 2.7 billion rows of data in the databases
  • 1.1 billion unique email address and password combinations
  • Unique email addresses come down to 772,904,991
  • 21 million unique, plain text passwords
Two points deserve researchers' attention:

Some data are outdated: The collection isn't from a single data breach; instead, it is composed of data pulled together from multiple data breaches and leaks. Some of them happened two to three years ago.

Some people think stale data, especially passwords and emails, are not valuable for reuse. However, in phishing and extortion campaigns, even an outdated password can still be used to trick unsuspecting users into giving up their information or even paying a ransom.

Some data are legitimate: Collection 1 has 12,000 files and a total of 87GB of data, and the actual origin of the email addresses and passwords would appear to be multiple sources. Some data may have been collected without breaking any law, but dumping them into the public domain or trading them on the dark web will cause legal issues.

2. Dangers and actions
If your email and password are in Collection 1, you may become a target of various Internet attacks. For example, credential stuffing, used in account takeover, is a typical online attack: someone tries known email addresses and passwords at multiple sites and services, hoping that they have been re-used. Anyone who registers on a different website with the same email and password is at high risk in this case.

Do you need to check proactively whether your private data has leaked? Certainly! You cannot rely on notifications from organizations that have been breached. Instead, periodically checking whether your private data has leaked is strongly recommended. Based on what we discussed above, the main points are:
  • Some data breaches are never detected. If so, you never get any report or warning about the risk.
  • Many data breaches cannot be detected very soon; the longer the delay, the more risk you take.
  • Some organizations don't disclose data breaches as the law requires; they may be fined, but you still know nothing about the risk.
  • Some data may be collected without breaking any law, and the trade may be illegal, but no one will report it unless the victims themselves do.
If users don't take steps to protect or change credentials after a breach, they are at risk of being targeted again and again. So our advice to users is to check whether their private information is caught up in this latest data dump.

Check if your data leaked in the data dump
It isn't an easy job because the leaked data are in the hands of cybercriminals. If they start to trade these data, no one knows what data has been breached. Some Internet security experts do their best to trace data breaches and keep their databases updated to offer precise results. These websites are worth trying to check whether any of your private information has leaked.
  • https://haveibeenpwned.com/
  • https://sec.hpi.de/ilc/search
HIBP (Have I Been Pwned) aggregates data breaches to make it easy for people to find out if their data leaked. You can quickly check if you've been compromised here. Once there, enter your email address to see if you are in the breach database. Besides, you can check if your password was compromised too.

If you are on any of these lists, go forth and change your passwords immediately. If not, don't forget to re-run the check next month.
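The password check mentioned above can be done without sending the password, or even its full hash, to the service. The sketch below is an added example, not code from this page or from HIBP: it assumes the Pwned Passwords range endpoint at api.pwnedpasswords.com, the function names are illustrative, and the offline response (suffixes and counts) is constructed so the script runs without network access.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # assumed endpoint (see lead-in)

def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest: 5 + 35 chars."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body, suffix):
    """Look for our suffix in a 'SUFFIX:COUNT' per-line response; 0 if absent."""
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def fetch_range(prefix):
    """Live lookup: only the 5-character hash prefix is sent over the network."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "breach-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def pwned_count(password, fetch=fetch_range):
    """Number of times the password appears in the breach corpus (0 = not found)."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch(prefix), suffix)

def constructed_fetch(prefix):
    """Offline stand-in returning a constructed response with one known entry."""
    known_prefix, known_suffix = split_hash("correct horse battery staple")
    lines = ["0018A45C4D1DEF81644B54AB7F969B88D65:3",   # constructed filler
             "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2"]   # constructed filler
    if prefix == known_prefix:
        lines.append(f"{known_suffix}:117")             # constructed count
    return "\r\n".join(lines)

if __name__ == "__main__":
    for pw in ("correct horse battery staple", "a-password-not-in-the-sample"):
        hits = pwned_count(pw, fetch=constructed_fetch)
        print(f"{pw!r}: seen {hits} times" if hits else f"{pw!r}: not found")
```

Calling pwned_count(password) with the default fetch performs the live lookup; the comparison against the returned suffixes happens locally.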

3. Leakage isn't just in Collection 1
Collection 1 is just one big and famous dump. The research team Insikt Group from US security firm Recorded Future reported that a forum post authored by Clorox linked six other dumps together with the 87GB Collection 1:

  1. ANTIPUBLIC 1: 102GB
  2. AP MYR & ZABUGOR 2: 19.49 GB
  3. Collection 2: 528 GB
  4. Collection 3: 37GB
  5. Collection 4: 179GB
  6. Collection 5: 41GB
With the list including 1000GB of stolen data containing more than 25 billion records, we believe many of the leaked accounts are duplicated. It's always a complicated task to check emails and passwords against such a large data sample. It's impossible to maintain a reliable leaked data bank. The famous database of HIBP (Have I Been Pwned) was incomplete too and was "only a fraction of the original dump known on the dark web as Collection #1."

As data breaches don't stop and the stolen data is updated accordingly, you should keep checking your private data with the right tool and service at least monthly.