Have I Been Pwned Reveals Massive 284 Million Account Credential Leak

Have I Been Pwned (HIBP), the renowned data breach notification service, has added an unprecedented 284 million compromised accounts to its database after analyzing massive information stealer logs discovered on a Telegram channel.

HIBP's founder Troy Hunt revealed that the collection, named "ALIEN TXTBASE", contained an extensive 1.5TB of data with 23 billion rows and 493 million unique website and email address pairs. The leaked credentials potentially represent both new and existing stolen accounts from various sources.

Before integrating these accounts into HIBP's database, Hunt meticulously verified their authenticity by attempting password reset emails for the compromised addresses. The massive leak also introduces 244 million previously unseen passwords to the Pwned Passwords database.

The newly added APIs now enable domain owners and website operators to efficiently search for stolen credentials by email domain or website domain through a monthly subscription service. This feature allows organizations to proactively identify potentially compromised user accounts and take preventive measures.

Hunt emphasized that while regular users can subscribe to HIBP notifications to check their credentials, the service intentionally limits public exposure of sensitive service details to protect user privacy.

This significant data leak follows previous similar incidents, including the 441,000 accounts stolen through RedLine malware in December 2021 and the 12 million Zacks Investment user accounts exposed earlier. The continuous addition of compromised credentials underscores the persistent cybersecurity challenges faced by online platforms and users alike.

Found this article interesting? Keep visit thesecmaster.com, and our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium, and Instagram and subscribe to receive tips like this. 

You may also like these articles: Here are the 5 most contextually relevant blog posts: