A massive new leak has exposed billions of login details online. Know how to safeguard your password how you can check your own credentials.
A new collection of exposed login details is circulating online, and it contains 1.3 billion passwords along with 2 billion email addresses. Security researchers say the data did not come from a single breach. Instead, it was gathered from years of leaked credentials already present on open websites and dark-web forums.
The threat intelligence firm Synthient assembled this collection after scanning multiple sources for exposed logins. The company had earlier found more than 180 million leaked email accounts, and this new compilation expands on that work. Much of the data originates from older breaches and long-running credential-stuffing lists that cybercriminals trade and reuse.
Also read: 5 Reasons why OnePlus 15 could be the better pick over the Samsung Galaxy S25 Ultra
Synthient combined the entire dataset and worked with Troy Hunt, the creator of Have I Been Pwned, to verify and make the information searchable. Hunt tested the data using one of his old email addresses and confirmed that known stolen passwords matched entries in the new collection. He then asked a group of Have I Been Pwned subscribers to check their own details, which helped confirm that the dataset also includes previously unseen credentials.
Also read: YouTube Music adds a faster way to find songs: Here’s how it works
How to Check Your Passwords
Have I Been Pwned has added the exposed passwords to its Pwned Passwords service. This tool allows anyone to check passwords without revealing them, as the process runs locally in the user’s browser and does not store email addresses.
Users can visit the Pwned Passwords search page to see if any of their active passwords appear in the leak. If a match appears, they should change that password immediately. Password managers such as Bitwarden, LastPass and Proton Pass offer free password-generation tools that create strong replacements.
Also read: College students can now claim Microsoft 365 Personal full access for free for one year: Here’s how
How to Protect Your Accounts
Security experts recommend avoiding password reuse, as attackers often take one stolen login and test it across multiple sites. They also advise creating strong and unique passwords for every account and enabling two-factor authentication for added protection. Since malware can capture login details directly from infected devices, users should secure their systems with reliable antivirus software and avoid suspicious links or downloads.
Those looking for alternatives can explore passkeys, which use cryptographic keys instead of passwords and resist phishing and credential theft. Strong digital habits and regular checkups can help users stay ahead of emerging threats.
The article originally appeared on Hindustan Times
