Researchers Reveal Suspect Behind Collection #1 Mega Breach

Published on:
Man typing on a pc with padlock.
Cybersecurity firm Recorded Future reports details on a possible source of the recent “Collection #1” leak of stolen email addresses and passwords.

A U.S.-based cybersecurity firm, Recorded Future, alleges to have identified a hacker allegedly responsible for exposing stolen data in a recent leak dubbed Collection #1.

Experts from Recorded Future’s threat intel team have claimed that the hacker goes by the pseudonym “C0rpz.”

According to the company, multiple individuals came out claiming to serve as the source of the breached data.

However, Recorded Future has stated that after their assessment, C0rpz is the principal source of Collection #1.

Alleged Identity of the Hacker

The experts also believe that the hacker collected the data for over three years, which included data from companies that were hacked in the past.

C0rpz later sold the information to other hackers who sold it as well as put it out there for free.

Your TOR usage is being watched

One of the hackers who bought from C0rpz included an individual known as “Sanix.” Security reporter Brian Krebs had earlier identified Sanix the source of the data dump.

Another hacker is Clorox, responsible for releasing the data for free on the dark web as well as URLs to separate databases hosted on MEGA.

Last month, the security researcher Troy Hunt was first to discover Collection 1, which contained 772,904,991 unique emails and 21,222,975 unique passwords.

Other Discoveries Made by Researchers

Later in January, researchers at Germany-based Hasso Plattner Institute uncovered an additional 611 million credentials attributed to Collection #2-5 that were not in Collection #1.

In addition, they found 750 million credentials that were not included in their database, Identity Leak Checker, of leaked data.

According to David Jaeger, a researcher at Hasso Plattner Institute, some of the data can be attributed to automated hacking of smaller websites.

This can allege some of the data is being leaked for the first time.

Research has shown that Collection #1 was only part of a mega-collection that constituted seven additional data dumps. The list below represents a breakdown of the databases:

  • Collection 1 (87.18 GB)
  • Collection 2 (528.50 GB)
  • Collection 3 (37.18 GB)
  • Collection 4 (178.58 GB)
  • Collection 5 (40.56 GB)
  • AP MYR & ZABUGOR2 (19.49 GB)
  • ANTIPUBLIC 1 (102.04 GB)

In total, the whole package is a massive 993.53 GB in size and is rumored to contain over 3.5 billion credentials including passwords together with usernames, email addresses and telephone numbers.

Hacker with gloves typing on a laptop.
The experts also believe that the hacker collected the data for over three years, which included data from companies that were hacked in the past

According to Recorded Future’s report, the firm has also uncovered an additional possible source for Collection #1 after a hacker stated that Collection #1 was included in a data dump in their possession.

The hacker posted a direct download link and a magnet link on a Russian-speaking hacker forum to the database alleged to contain over 100 billion user accounts.

What It Means

When all is said and done, it does not matter who the source of the data is since data vendors are now assembling leaks from distinct sources into mega collections to make a profit.

This was as a result of more and more company systems being breached. This flooded the market typically pushing the profits of selling individual data leaks down.

Lap top with padlock on the keyboard.
A U.S.-based cybersecurity firm, Recorded Future, alleges to have identified a hacker allegedly responsible for exposing stolen data in a recent leak dubbed Collection #1.

This means that there is a possibility that more data is out there in similar mega collections and is being shared on dark web hacking forums without the knowledge of the public eye.

All that one can do is adopt personal measures to mitigate the impact of such a breach.


Write for us


The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.