The 2019 Collections Data Breach: What Was Exposed and Who Was Affected?

In January 2019, the cybersecurity community uncovered a massive data dump dubbed the "Collections" breach. This incident involved the distribution of one of the largest troves of stolen credentials ever found, with nearly 2.7 billion records surfacing on a well-known hacking forum. The stash contained around 773 million unique email addresses paired with passwords, most of which originated from previous breaches of unrelated websites and online services. The purpose behind the compilation was clear: these records were being used in credential stuffing attacks, where hackers attempt to gain unauthorized access to various accounts by trying these exposed email and password pairs across different platforms.

What Exactly Was the Collections Breach?

The Collections breach wasn’t the result of a single site being hacked. Instead, it was a vast aggregation of data—several past breaches merged into one overwhelmingly large database. This database made it much easier for attackers to automate login attempts on countless sites that might reuse passwords.

When Did the Breach Happen?

The leak was first reported in early January 2019, after security researchers discovered the files being openly shared and traded in criminal circles. The files had likely been compiled over several years, but their widespread distribution in early 2019 marked the true impact of the breach.

What Data Was Exposed?

The data set exposed in the Collections breach included:

• Email addresses—773 million unique entries
• Passwords—paired with each email, sourced from a variety of earlier leaks

No other personal details, such as full names, phone numbers, or payment information, were directly included in the commonly circulated lists.

How Many Users Were Impacted?

The total record count across all Collections files was close to 2.8 billion, though the unique email count stood at 773 million. This means many users saw the same credentials appear multiple times in the dataset, sometimes with different password combinations taken from various incidents. The sheer volume made it one of the largest public credential leaks of its kind to date.

What Was the Timeline of Events?

• January 7, 2019: The breach was first reported, with files containing billions of records discovered on a popular hacker forum.
• Following days and weeks: Security researchers analyzed the dataset and confirmed its makeup: a compilation of older, already-leaked credentials now bundled together for credential stuffing purposes.
• Ongoing: The dataset continued to circulate, leading organizations to review prior incidents and notify affected users where possible.

Frequently Asked Questions About the Collections Breach

What happened in the 2019 Collections data breach?

The Collections breach was the discovery of nearly 2.7 billion email and password combinations being distributed in hacking circles. The database consisted of credentials from various earlier breaches, packaged together for large-scale credential stuffing attacks.

How many people were affected by the Collections breach?

About 773 million unique email addresses were exposed in the Collections breach. With close to 2.8 billion total records, some users were affected multiple times across different breaches included in the compilation.

What data was leaked in the Collections breach?

The Collections breach exposed email addresses and passwords. No other personal details, such as names or payment info, were directly included in the distributed lists.

Who was responsible for the Collections breach?

The breach itself wasn’t the result of a single hack but a compilation of multiple previous incidents put together and shared by unknown parties on hacking forums.

How can I check if I'm in the Collections breach?

You can check if your information was part of the Collections breach by utilizing the DeHashed search engine.