Fact Checked

773 million consumer accounts were exposed in a massive data dump. Here’s what you can do.

Woman looks worried as she checks her phone while working on her laptopImage: Woman looks worried as she checks her phone while working on her laptop
Editorial Note: Credit Karma receives compensation from third-party advertisers, but that doesn’t affect our editors’ opinions. Our third-party advertisers don’t review, approve or endorse our editorial content. It’s accurate to the best of our knowledge when posted.

A data dump has exposed the information of nearly 773 million consumers. If you’re one of them, there are some ways to reduce your risk.

By volume, it’s the largest exposure of compromised info ever, according to Troy Hunt of the site Have I Been Pwned. Hunt discovered the so called data dump — known as Collection #1 — this week, which included some 773 million unique email addresses and about 21 million unique passwords.

The data set was uploaded on cloud server site MEGA and was mostly a collection of info from numerous, past data breaches. However, some 140 million email addresses and 10 million passwords were not previously included in Have I Been Pwned’s database, meaning they may have been newly exposed.

The Collection #1 data set has been removed from MEGA’s site, but hackers may have stored the information elsewhere. If this event has you worried, here are some tips to that might help you reduce your risk:

  • Don’t re-use your passwords. Even if you weren’t among the users affected by any particular public data breach, it’s always a good idea to change your passwords every so often. When changing your passwords, make sure they’re strong and hard to guess. Generally, using a mix of letters, numbers, cases and symbols works best. Also, be sure to avoid using the same password across multiple sites.
  • Enable multifactor authentication. Even if you have a strong password, some websites may not store their data securely. For an added layer of protection, think about enabling two-factor authentication on any site or account that offers it.
  • Monitor your credit reports, and consider freezing your credit. If you’re worried that your information may have been compromised in a public data breach, you can ask the three major consumer credit bureaus — Equifax, Experian and TransUnion — to freeze your credit reports.

Alternatively, you might want to consider a fraud alert, which gives potential lenders and creditors a heads-up that you might be the victim of identity theft and they should contact you before opening an account in your name.

If you’re a Credit Karma member, consider enabling our free credit monitoring service. We’ll notify you if we notice important changes in your TransUnion or Equifax credit reports so you can check for suspicious activity.


About the author: Paris Ward is a content strategist at Credit Karma, providing readers with the latest news that will aid their financial progress. She has more than a decade of experience as a writer and editor and holds a bachelor’s… Read more.