Fact Checked

773 million consumer accounts were exposed in a massive data dump. Here’s what you can do.

Woman looks worried as she checks her phone while working on her laptopImage: Woman looks worried as she checks her phone while working on her laptop
Editorial Note: Credit Karma receives compensation from third-party advertisers, but that doesn’t affect our editors’ opinions. Our third-party advertisers don’t review, approve or endorse our editorial content. It’s accurate to the best of our knowledge when posted.
Advertiser Disclosure

We think it's important for you to understand how we make money. It's pretty simple, actually. The offers for financial products you see on our platform come from companies who pay us. The money we make helps us give you access to free credit scores and reports and helps us create our other great tools and educational materials.

Compensation may factor into how and where products appear on our platform (and in what order). But since we generally make money when you find an offer you like and get, we try to show you offers we think are a good match for you. That's why we provide features like your Approval Odds and savings estimates.

Of course, the offers on our platform don't represent all financial products out there, but our goal is to show you as many great options as we can.

A data dump has exposed the information of nearly 773 million consumers. If you’re one of them, there are some ways to reduce your risk.

By volume, it’s the largest exposure of compromised info ever, according to Troy Hunt of the site Have I Been Pwned. Hunt discovered the so called data dump — known as Collection #1 — this week, which included some 773 million unique email addresses and about 21 million unique passwords.

The data set was uploaded on cloud server site MEGA and was mostly a collection of info from numerous, past data breaches. However, some 140 million email addresses and 10 million passwords were not previously included in Have I Been Pwned’s database, meaning they may have been newly exposed.

The Collection #1 data set has been removed from MEGA’s site, but hackers may have stored the information elsewhere. If this event has you worried, here are some tips to that might help you reduce your risk:

  • Don’t re-use your passwords. Even if you weren’t among the users affected by any particular public data breach, it’s always a good idea to change your passwords every so often. When changing your passwords, make sure they’re strong and hard to guess. Generally, using a mix of letters, numbers, cases and symbols works best. Also, be sure to avoid using the same password across multiple sites.
  • Enable multifactor authentication. Even if you have a strong password, some websites may not store their data securely. For an added layer of protection, think about enabling two-factor authentication on any site or account that offers it.
  • Monitor your credit reports, and consider freezing your credit. If you’re worried that your information may have been compromised in a public data breach, you can ask the three major consumer credit bureaus — Equifax, Experian and TransUnion — to freeze your credit reports.

Alternatively, you might want to consider a fraud alert, which gives potential lenders and creditors a heads-up that you might be the victim of identity theft and they should contact you before opening an account in your name.

If you’re a Credit Karma member, consider enabling our free credit monitoring service. We’ll notify you if we notice important changes in your TransUnion or Equifax credit reports so you can check for suspicious activity.


About the author: Paris Ward is a content strategist at Credit Karma, providing readers with the latest news that will aid their financial progress. She has more than a decade of experience as a writer and editor and holds a bachelor’s… Read more.