Cybersecurity experts have uncovered what could be one of the largest compilations of stolen login data ever recorded, with nearly 2 billion email addresses and 1.3 billion passwords leaked online. The findings, highlighted by Microsoft regional director and Have I Been Pwned creator Troy Hunt, show the staggering scale of compromised credentials now circulating across the dark web.
A cybersecurity company named Synthient has compiled a huge new dataset of stolen credentials, drawing from multiple past data breaches. The firm scraped the dark web for exposed email addresses and passwords, then removed duplicates to determine the total number of unique records. The final tally: 1,957,476,021 email addresses and 1.3 billion unique passwords — including over 625 million never seen before.
Hunt confirmed that this isn’t a single breach, but rather a massive aggregation of compromised data from countless sources. “I hate hyperbolic headlines about data breaches,” he wrote, “but for the ‘2 billion email addresses’ headline to be hyperbolic, it would need to be exaggerated — and it isn’t.”
The data forms what’s known as credential-stuffing lists — huge compilations of usernames and passwords that hackers use to test stolen credentials across multiple websites and apps. Since many users recycle the same password across different accounts, these lists are a goldmine for cybercriminals attempting to access personal or financial information.
Experts strongly advise users to change their passwords immediately, avoid reusing them across services, and enable two-factor authentication wherever possible. Tools like Have I Been Pwned can help individuals check whether their email addresses have been caught up in known breaches.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
