A massive online leak has exposed more than 183 million stolen email passwords gathered from years of malware infections, phishing campaigns and older data breaches. Cybersecurity experts say it is one of the largest compilations of stolen credentials ever discovered.
Security researcher Troy Hunt, who runs the website Have I Been Pwned, found the 3.5-terabyte dataset online. The credentials came from infostealer malware and credential stuffing lists. This malware secretly collects usernames, passwords and website logins from infected devices.
Researchers say the data contains both old and newly discovered credentials. Hunt confirmed that 91% of the data had appeared in previous breaches, but about 16.4 million email addresses were completely new to any known dataset.
More Info