21,222,975 passwords. 772,904,991 email addresses. At some point, this user information was stolen, compiled and posted as a data set called “Collection #1” in Internet forums, as IT security expert Troy Hunt reports on his blog. The number of published e-mail addresses is thus almost twice as high as the population of South America.

Hunt has prepared the data and suspects that it was intended for so-called “credential stuffing”. This is the automated use of revealed username and password combinations to illegally gain access to user accounts and, if necessary, take them over completely.