79/68 Thursday, February 27, 2025
Have I Been Pwned (HIBP), a data breach notification service, has added over 284 million stolen accounts to its database after discovering the data being shared on a Telegram channel named “ALIEN TXTBASE”—a repository for credentials stolen by info-stealing malware. Troy Hunt, the founder of HIBP, revealed that the dataset spans 1.5TB and contains 493 million unique website and email combinations, affecting over 284 million user accounts. Additionally, HIBP has added 244 million new passwords and updated 199 million existing passwords in its Pwned Passwords system, helping users check the security of their credentials.
The stolen data may be linked to both old and new breaches, as well as credential stuffing attacks, where cybercriminals use leaked accounts to attempt logins across various websites. Before adding the data to HIBP, Hunt verified its authenticity by testing password reset requests with the stolen email addresses. Organizations subscribed to HIBP’s monthly service can now utilize its new API to check whether their customers’ accounts have been compromised by searching emails or domains associated with their systems.
HIBP has also added records from previous breaches, including 441,000 accounts stolen by the RedLine malware in December 2021 and 12 million accounts from Zacks Investment users, whose credentials were exposed in a separate data leak.
