Massive Data Leak Exposes 1.3 Billion Unique Passwords

Massive Data Leak Exposes 1.3 Billion Unique Passwords


The “Have You Been Hacked” (HIBP) service, which specializes in notifying users when their data has been compromised, processed this massive data collected from multiple sources, in which cybercriminals published stolen credential information.

“This group is nearly three times the size of the largest breach we have previously seen,” said Troy Hunt, CEO of HIBP, who admitted that one of his passwords appeared on the list.

The collection includes 1,957,476,021 unique email addresses and 1.3 billion unique passwords, including 625 million passwords that had not previously been detected by HIBP. With than 5.5 billion Internet users around the world, experts have warned of the need to change passwords immediately as a precaution.

The logs combined previous breaches with lists of “credential stuffing,” a method used by attackers to try stolen passwords on multiple accounts. Many passwords were found to be outdated or unused, while some were still active and protecting accounts, reflecting real risks to users.

The HIBP service allows users to check whether their credentials have been compromised, in a secure, privacy-preserving way, without revealing email addresses.

Prevention tips:

  • Cybersecurity experts advise individuals to use secure password management software, create strong and unique passwords for each account, and activate two-factor authentication, especially for mail and administrative accounts.

  • Organizations should conduct periodic checks to detect reused or exposed passwords, implement systems to detect compromised passwords during login or when they are changed, review privileges, restrict service accounts, and remove old credentials.

“Credential stuffing” attacks are among the most dangerous attacks, as a single password leak can give attackers access to company systems, email accounts, and sensitive data. To combat this, it is recommended to implement zero-trust access models, enable multi-factor authentication, constantly monitor exposed credentials, as well as effective breach response plans and automated systems to prevent stuffing attempts.

Source: Daily Mail

Disclaimer: This news article has been republished exactly as it appeared on its original source, without any modification.
We do not take any responsibility for its content, which remains solely the responsibility of the original publisher.

Author:
Published on:2025-11-18 14:14:00
Source: arabic.rt.com

uaetodaynews

UAETodayNews delivers the latest news and updates from the UAE, Arab world, and beyond. Covering politics, business, sports, technology, and culture with trusted reporting.

Disclaimer: This news article has been republished exactly as it appeared on its original source, without any modification. We do not take any responsibility for its content, which remains solely the responsibility of the original publisher.

Author: uaetodaynews
Published on: 2025-11-18 10:28:00
Source: uaetodaynews.com

Related Articles

How Napoleon’s Army Met Its Doom: DNA Reveals Surprise Illnesses Had A Role

October 25, 2025

X For IOS Finally Offers Widgets, Five Years After First Teasing Them

4 weeks ago

Launching Samsung Galaxy XR glasses that support Androi…

October 22, 2025

Apple Is Exploring A Camera Upgrade That Could Change How IPhones See

2 days ago

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button