Security expert Troy Hunt just added a huge new dataset to the Have I Been Pwned database containing 183 million new email accounts with leaked login details. It was collected with the help of Synthient, a security product that helps detect and block bad actors on platforms. (Have I Been Pwned is a great way to stay on top of fresh data breaches!)
According to the HIBP announcement post, the data includes both email addresses and their corresponding passwords, along with all the websites they’ve been entered into. The data was cleansed before inclusion into the database so that only unique accesses were included (i.e., no duplicate entries).
This brings the total number of accounts that have been “pwned” (i.e., affected by verifiable data leaks) to over 15.3 billion. Yikes.
Where did the data come from?
The access data was intercepted by so-called infostealers, which are malware that get installed on various systems with the sole purpose of collecting sensitive data and passwords. These then either end up directly with hackers, who can use them for phishing campaigns and scam attempts, or they’re sold online.
In some cases, this results in huge data sets containing the access data of millions of people. Often these people are unaware of this unless they fall victim to a targeted attack shortly afterwards—or they regularly check whether their data is included in fresh data leaks.
How to check if you’re affected
You can check on the Have I Been Pwned website whether you’re affected by one of the data leaks. Simply enter your email address and you’ll be informed directly whether your account is compromised.
Not only will you see which data leaks affected you, but also exactly what data was involved in each leak. If HIBP says your login data was leaked, you should immediately change the passwords of affected accounts as well as all accounts that use the same passwords or are otherwise linked to the compromised accounts.
If you’re seeking more information or want to be notified any time your email address is compromised, you can sign up for HIBP here.
Further reading: How to check if your SSN was leaked
