Early this year, news broke about the biggest data collection of data breaches to date. It was called Collection #1 and if you, like many of us, wondered why — you’re about to find out. Turns out, Collection #1 was the first in a series of collections of personal info from data breaches collected and sold on the Dark Web. Additionally, the cyber-security firm Recorded Future says they’ve identified the cyber criminal behind Collection #1.

According to Recorded Future, the person behind these data troves is a hacker who used the pseudonym “Corpz.” In addition to Collection #1, he’s also being given credit for seven more data collections:

• "ANTIPUBLIC #1" (102.04 GB)
• "AP MYR & ZABUGOR #2" (19.49 GB)
• "Collection #1" (87.18 GB)
• "Collection #2" (528.50 GB)
• "Collection #3" (37.18 GB)
• "Collection #4" (178.58 GB)
• "Collection #5" (40.56 GB)

According to ZDNet, the AntiPublic collection was already leaked and had been shared around since April 2017. The others, however, are new and hadn’t been seen online until this month. The files contain more than 3.5 billion user records, including email addresses and passwords, usernames and passwords, and cell phone numbers and passwords.

And while Corpz and his associates “Sanix” and “Clorox” have been called hackers in a lot of the media about the breach, this may be a misnomer. Andrei Barysevich, Director of Advanced Collection at Recorded Future, told ZDNet that there’s no evidence that these individuals actually hacked the data themselves. Instead, it appears they “merely aggregated the data” over a period of time. Barysevich also suggested that the digital footprints left by the criminals suggest a lack of sophistication.

Cyber criminals who aggregate and sell stolen data are called “data hoarders” and they’re relatively new players in the cyber crime game. As an increasing number of companies get hacked, the value of those individual hacks have dropped. In order to keep making money despite the devalued product, criminals started aggregating and selling massive data troves, like the ones discovered here.

More than anything, these data troves reveal just how exposed most of personal information is online. The internet grew rapidly with few security measures and little consumer awareness — and cyber criminals have been taking advantage of that fact from the beginning. Considering we’ve been on the world wide web for almost three decades, there are a lot of possibilities for theft.

So what can the average consumer do about it? The only thing is to follow basic online security protocol. Use unique and hard to guess passwords for every account. Change those passwords periodically and store them in a password manager. Set up two-factor authentication on any accounts that offer it. And just know that your personal information is floating around there on the Dark Web, no matter how careful you’ve been. It’s not your fault — but there are always things you can do to protect yourself.