Hacking, AppSec, and Bug Bounty newsletter

2019-01-17 | Collection #1, Ethereum network upgrade delayed due to security bug discovered, and 100 pages of Burp Suite tips

Thursday, January 17


  • The breach to rule them all: Collection #1. A few data points for scale:
    2,692,818,238 rows of email addresses and passwords

1,160,253,228 unique combinations of email addresses and passwords

772,904,991 unique email addresses

21,222,975 unique passwords

12,000 separate files

87GB of data

Wired has an overview in addition to Troy’s great post hyperlinked above. And help a brother out and donate to haveibeenpwned!



Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email:

In total, 23 of my email addresses have been pwned in 34 different breaches/releases.

Dylan Reeve

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.