Highlights
- One of the largest password breaches ever recorded exposes 1.3 billion passwords and 2 billion email addresses.
- Data originates from devices infected with “infostealer” malware used by cybercriminals.
- Email services including Gmail, Hotmail, Outlook and Yahoo are affected.
- Security experts urge anyone caught in the breach to change their passwords immediately.
Scale of the breach
A historic data leak has exposed an estimated 1.3 billion passwords and 2 billion email addresses, creating one of the most extensive breaches ever verified. The dataset was identified by Have I Been Pwned (HIBP), a service that alerts users when their information appears in compromised databases.
The cache includes data linked to major email platforms such as Gmail, Hotmail, Outlook and Yahoo. HIBP chief executive Troy Hunt said the scale of the breach is “nearly three times” larger than the previous biggest dataset loaded into the service. He also confirmed that 625 million of the passwords had never been seen in a breach before.
How the data was stolen
The information was harvested from systems infected with infostealer malware. These malicious tools scan devices for stored credentials and cookies, capturing login details before sending them back to cybercriminals. Portions of the stolen data – known as stealer logs – were later leaked on widely accessible platforms including messaging channels and public forums.
The incident follows another major breach less than a month earlier, which exposed 183 million account records.
Immediate steps for affected users
HIBP is urging anyone whose details appear in the breach to change their passwords without delay. Users can check their email addresses and passwords through the service’s lookup tools.
Strong passwords, experts say, avoid personal details, predictable patterns or references from popular culture. Unusual phrases, memorable punctuation and complex combinations are recommended to improve security.
How to check if you were affected
HIBP allows users to enter an email address to see if it appears in any known breaches. Those who create an account can also view a dashboard showing any instances where their information appears in stealer logs. A separate HIBP tool can confirm whether a specific password has been included in a past breach.
How cybercriminals steal login details
Malware such as spyware and keyloggers are among the most common tools for stealing credentials, quietly recording keystrokes or scraping stored data. These attacks are frequently combined with other methods including phishing and credential-stuffing campaigns.
The latest breach underscores the growing sophistication of cybercriminal networks and the vast amount of sensitive data now circulating on the open web. For millions of users, updating passwords remains the most immediate defence.
