What’s happened?
The Australian Cyber Security Centre (ACSC) is aware of a significant data breach affecting 773 million email addresses and usernames.


Titled ‘Collection #1’, the data breach was made public by Australian cyber security expert Troy Hunt, who identified that a large collection of email addresses, hashed and plaintext passwords had been distributed on a known hacking forum.


Does it affect me?
Unlike other data breaches, this breach cannot be tied down to one site. Instead it appears to comprise multiple breaches across a number of websites/services.
To find out if your email has be compromised visit the Have I Been Pwned service managed by Troy Hunt.


How do I stay safe?
There are a few simple steps you can take to help keep your information safe:

  • Use a strong password and don’t re-use the same password on multiple websites.
  • Change your password on any accounts where you may have used the same email and password combination.
  • Use multi-factor authentication where available to give your accounts an extra layer of security.

If you are concerned that your personal information has been compromised and misused, you can contact Australia’s National Identity and Cyber Support Service, IDCare or use their free Cyber First Aid Kit.
If you have been a victim of a cybercrime such as fraud, report it to the Australian Cybercrime Online Reporting Network (ACORN).


More information
Stay Smart Online has more information on creating strong passwords, using two-factor authentication and protecting your personal information online.


Facebook: www.facebook.com/staysmartonline
Email: StaySmartOnline@ag.gov.au
Web: www.staysmartonline.gov.au


The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.


Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.

This information has been prepared by the Australian Cyber Security Centre (‘the ACSC’). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.