
Cybercriminal mega-leak spills 1.3 billion passwords and 2 billion email addresses

The cache includes data linked to major email platforms such as Gmail, Hotmail, Outlook and Yahoo


Highlights

  • One of the largest password breaches ever recorded exposes 1.3 billion passwords and 2 billion email addresses.
  • Data originates from devices infected with “infostealer” malware used by cybercriminals.
  • Email services including Gmail, Hotmail, Outlook and Yahoo are affected.
  • Security experts urge anyone caught in the breach to change their passwords immediately.

Scale of the breach

A historic data leak has exposed an estimated 1.3 billion passwords and 2 billion email addresses, creating one of the most extensive breaches ever verified. The dataset was identified by Have I Been Pwned (HIBP), a service that alerts users when their information appears in compromised databases.

The cache includes data linked to major email platforms such as Gmail, Hotmail, Outlook and Yahoo. HIBP chief executive Troy Hunt said the scale of the breach is “nearly three times” larger than the previous biggest dataset loaded into the service. He also confirmed that 625 million of the passwords had never been seen in a breach before.


How the data was stolen

The information was harvested from systems infected with infostealer malware. These malicious tools scan devices for stored credentials and cookies, capturing login details before sending them back to cybercriminals. Portions of the stolen data – known as stealer logs – were later leaked on widely accessible platforms including messaging channels and public forums.

The incident follows another major breach less than a month earlier, which exposed 183 million account records.

Immediate steps for affected users

HIBP is urging anyone whose details appear in the breach to change their passwords without delay. Users can check their email addresses and passwords through the service’s lookup tools.

Strong passwords, experts say, avoid personal details, predictable patterns or references from popular culture. Unusual phrases, memorable punctuation and complex combinations are recommended to improve security.

How to check if you were affected

HIBP allows users to enter an email address to see if it appears in any known breaches. Those who create an account can also view a dashboard showing any instances where their information appears in stealer logs. A separate HIBP tool can confirm whether a specific password has been included in a past breach.

How cybercriminals steal login details

Malware such as spyware and keyloggers is among the most common tools for stealing credentials, quietly recording keystrokes or scraping stored data. These attacks are frequently combined with other methods, including phishing and credential-stuffing campaigns.

The latest breach underscores the growing sophistication of cybercriminal networks and the vast amount of sensitive data now circulating on the open web. For millions of users, updating passwords remains the most immediate defence.
