Mother of all data breaches sees 1.3 BILLION passwords exposed

A staggering trove of 1.3 billion passwords, along with nearly two billion email addresses, has been found publicly accessible online, raising significant concerns about online security.

The revelation comes from Have I Been Pwned (HIBP), an online platform that alerts individuals if their information has been compromised in a data breach. This extensive dataset amalgamates data from several sources where cybercriminals have shared stolen login details.

Troy Hunt, the CEO of HIBP, revealed that even his password was part of this breach. He noted, “This collection is almost three times larger than any previous breach we have ever processed.”

The exposed data includes 1,957,476,021 individual email addresses and 1.3 billion distinct passwords, with 625 million of these passwords being new to HIBP’s records.

Given that over 5.5 billion people worldwide are internet users, experts are advising everyone to update their passwords as a safety measure.

This massive data dump not only consists of information from past breaches but also includes lists used for credential stuffing, where hackers attempt to access various accounts using stolen passwords.

HIBP verified the dataset by checking actual users’ credentials. Many passwords were old or unused, but others were still actively protecting accounts, illustrating the real-world risk.

Hunt offered HIBP to help users determine if their credentials were compromised, allowing them to check email addresses and passwords for instant results.

The dataset includes 1,957,476,021 unique email addresses and 1.3 billion unique passwords

The dataset includes 1,957,476,021 unique email addresses and 1.3 billion unique passwords 

HIBP’s Pwned Passwords service allows anyone to check if a password has been previously exposed without revealing which email addresses it was linked to, preserving privacy while improving security. 

‘I hate hyperbolic news headlines about data breaches, but for the ‘2 Billion Email Addresses’ headline to be hyperbolic, it’d need to be exaggerated or overstated – and it isn’t,’ Hunt said.

‘It’s the most extensive corpus of data we’ve ever processed, by a margin.

Cybersecurity experts are urging immediate action, telling individuals to use a secure password manager and create unique, strong passwords for each account. 

Two-factor authentication should be enabled on all accounts, with priority given to email and administrative logins. 

Organizations are advised to run credential checks to identify reused or exposed passwords among users. 

Breached-password detection should be implemented during logins and password changes. Access privileges should be audited, service accounts restricted, and outdated credentials removed. 

For individuals, the key takeaway of the data breach is clear: passwords alone are no longer enough.

With more than 5.5 billion people worldwide using the internet, researchers warned that a staggering number of individuals likely had at least some of their accounts compromised

With more than 5.5 billion people worldwide using the internet, researchers warned that a staggering number of individuals likely had at least some of their accounts compromised 

Organizations face similar challenges but on a larger scale. 

Credential-stuffing attacks are particularly dangerous because a single leaked password can give attackers access to corporate systems, email accounts, and sensitive data.

Enterprises are advised to adopt zero-trust access models, enforce least-privilege policies, implement MFA and monitor for exposed credentials continuously. Breach-response plans should be active, and automated systems should detect and prevent credential-stuffing attempts.

From a technical standpoint, processing this massive corpus posed significant challenges. 

HIBP had to optimize its Azure SQL infrastructure to manage two billion records alongside its existing 15 billion, while keeping the live service available to millions of daily users. 

Data was hashed and inserted in batches, with multiple rounds of verification and testing to ensure performance and accuracy. Email notifications to affected subscribers were carefully staggered to prevent throttling and maintain deliverability.

Ultimately, this massive dataset highlights the continuing risks posed by reused and compromised credentials. 

You May Also Like

Alex Brummer: Why the Treasury Is Poised to Resist Burnham’s Plans

It is often called the most recognisable front door in Britain. Yet…

NYC Cop’s Routine Parking Lot Patrol Turns Into Life-Saving Act of Courage

A hospital police sergeant in the Bronx is being praised for her…

Belgium Hit Four to End USA’s World Cup Dream

Donald Trump, it seems, had focused his concern on the wrong forward.…

San Francisco Democratic Activist Manny Yekutiel Accused of Groping Former Friend

A prominent San Francisco activist now seeking public office is facing an…

Keir Starmer Braces for Donald Trump Showdown at High-Stakes NATO Summit

Keir Starmer makes what is expected to be his final appearance on…

Folarin Balogun Doubtful for USA vs Belgium as World Cup Chaos Deepens

Folarin Balogun’s availability for the United States’ World Cup clash with Belgium…

Dramatic NYPD Bodycam Captures Rescue of 8 as Seaplane Capsizes

Dramatic NYPD bodycam video shows the urgent effort to rescue eight people…

Carole and Pippa Middleton Turn Heads With Polished Wimbledon Style

Carole and Pippa Middleton brought understated summer polish to Wimbledon today as…

Keir Starmer’s NATO Visit Overshadowed as Labour Defence Plans Branded a Pantomime

Labour’s defence strategy has been dismissed as a “pantomime” after fresh data…

Simple Diet Rule May Help You Lose 15 Pounds in Six Weeks

Looking at herself in the bathroom mirror, Emma Bardwell felt completely worn…

UEFA Blasts FIFA’s Controversial Ruling Allowing U.S. Soccer Star to Play

UEFA has fiercely condemned FIFA’s move to clear United States forward Folarin…

Iranian Loyalists Threaten to Assassinate Trump During Khamenei Funeral

Regime supporters in Iran called for President Trump to be killed during…