A second, massive Collections leak of 2.2 billion email addresses probably has your information

Changing your password, enabling two-factor authentication, and even using a password manager are essential responses to the new "Collections #2-#5" leak.

Like a bad movie, the sequel to the “Collections” data breach—Collections #2-#5— have snared an estimated 2.19 billion email addresses and passwords, far more than the original leak.

Researchers at the Hasso Plattner Institute have reportedly discovered that that 611 million of the credentials in Collections #2–5 weren’t included in the Collection #1 database. That brings the total to 2.19 billion, though its not clear whether some of this information may have been circulated elsewhere, according to heise.de

What’s clear, though, is that with over 2 billion email addresses and passwords on the loose, it’s almost certain that one of yours may be in the hands of potential attackers. (A private email I hardly ever share escaped being exposed, but a more public email address I’ve used appeared in a number of different databases.)

What can you do?

Though researcher Troy Hunt, the owner of the HaveIBeenPwned website, has added the previous “Collection #1” database, the remaining “Collections” have yet to be added. The Hasso Plattner Institute has its own Identity Leak Checker, however, which has added the database. The Identity Leak Checker asks for your email (nothing more), then uses that email to generate a list of information that’s out in the wild, including your name, IP address, and password, if applicable.

What the Identity Leak Checker can do is tell you if a password has been matched to your email address. What it can’t tell you is how recent that password actually is. It’s probably a good idea to change an affected email address password again—yes, again—to something unique. 

If it’s available, you should also make sure that two-factor authentication is turned on, especially for email addresses that can potentially be exploited to obtain information from other sites that you have access to. Two-factor authentication isn’t foolproof, but it provides another layer of security. An even surer way to secure your personal information is with a password manager, which can automatically generate unique, secure passwords for the services you use.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Mark Hachman

Mark Hachman

PC World (US online)
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?