2.2 billion passwords leaked in the largest breach in history – Are you safe?

15. February 2019

Like a bad movie the first leak was just the beginning. Now the Collections #2-#5 are breaking the previous one with billions of data leaked on the net. Your data might be out there and available for any attacker to misuse.

Picture of a potential attacker of passwords

Collection #2 – 2.2 billion passwords leaked!

The Collection #2 leak is huge compared to its predecessor. Under the name the Collection #1, almost 773 million email addresses and passwords were leaked on the 17th of January 2019. Forbes wrote, that the login information had been posted on a hacker forum. Thus available for anyone to see.

Now the new leak that has surfaced have been dubbed the “Collection #2-#5”. According to PCWorld and Wired, more than 2.2 billion usernames and passwords have been leaked and the data is flowing around freely on the web.

In other words – 2.2 billion passwords are available to everyone that look into the ‘Collection #2’-document – you and me included.


Are you sure that your data is not among it and flowing around freely for all to see?

In HTML24, we have looked at our own passwords. Luckily, our work passwords are still OK, but many of us, could find our personal passwords included in the Collection #2.

It is actually highly likely that your personal password, could be found in that document. With more than 2 billion email addresses and passwords loose on the net, the chance of your passwords ending in the hands of a potential attacker is quite high.

You can make a quick check whether you have been affected by the Collection #2 at HaveIbeenpwned. This website is according to Wired integrated with 1Password, a known password manager.

PCWorld suggest using a tool from the Hasso-Plattner-Institut (HPI). With this you can acquire more specific data through the HPO Identity Leak Checker.

However, HPI, will need your email to generate a list of which of your information is running around in the wild.

What to do?

If you are among the misfortunate people whose data has been leaked, then you should do the following:

  • Change your password immediately
  • Enable two-factor authentication
  • Make use of a password manager, for instance 1Password

Picture for securing passwords

What would it mean to have your password misused?

Free access to your username and password in plaintext can be dangerous. Any potential attacker with malicious intent can misuse your personal information and email.

It is highly likely that an attacker would use your email to scam your personal contacts disguised as you.

Spreading a virus would also be possible, to gain access over your computer or your contacts. In the end, this could have consequences for your social life and economic situation.

Cyber security

Would you like to learn more about cyber security, then head over to our previous blog post “Do you have strong cyber security”. Learn more here about digital security and which techniques you can adopt to secure your business.

Here at HTML24 we provide security, not for your employees and their personal computers, but for our clients’ websites and web apps. For examples, consider reading our customers cases on the Danish State Hospital (Rigshospitalet) or the trade union, HOD.

Are you seeking a digital agency to implement higher security or build a website for you? We would love to assist you in finding your next solution. Whether it is a website, webshop or making your systems more stable through our unique integration platform. We are here for you!

Don’t hesitate! Contact us now in the field below.

Published 15. February 2019
Af Marcus Hove

Should we call or write to you? Fill in the fields below.