Hackers have been passing around a huge batch of stolen account details, nearly 183 million of them, according to researchers. The leaked emails and passwords have been floating through dark web circles for months, putting millions of users at risk.
Investigators traced the breach to a type of malicious software known as an ‘infostealer’, which quietly captures a user’s keystrokes, including usernames and passwords, as they browse the web. Hackers later bundled this stolen data into massive “stealer logs” and distributed them across underground forums and Telegram channels.
Earlier this month, cybersecurity firm Synthient, working with the breach-tracking site Have I Been Pwned, exposed the vast scale of the operation. After analyzing 3.5 terabytes of stolen data, Synthient identified around 183 million sets of login credentials. The findings were later verified by security researcher Troy Hunt, creator of HaveIBeenPwned.com, who confirmed the authenticity of the compromised accounts, many of them tied to Gmail.
The exposed dataset aggregates information from multiple attack vectors, primarily ‘infostealer’ malware and credential stuffing campaigns, in which threat actors exploit reused passwords from prior breaches to compromise additional platforms.
How to Check if Your Password is Compromised
1. If you’re worried about your passwords, you can easily check them for free on Have I Been Pwned (click here). The site tells you if any of your passwords have shown up in a known leak, including this latest one.
2. All you need to do is type your password into the checker. You don’t have to share your email, and it’ll immediately tell you if that password has ever been leaked, and how many times it’s shown up.
3. It’s important to note that finding your password on Have I Been Pwned doesn’t mean your device was compromised. Rather, it shows that the password is already known to cybercriminals and should be considered unsafe for continued use.
Essential Steps if Your Password is Found
If you discover your password has been compromised, immediate action is crucial.
1. Prioritize Your Email: Begin by resetting the password for your primary email account. This is your most critical account, as it is often used to reset passwords for other services, including financial institutions.
2. Update Other Accounts: Next, change the password on any other online accounts where you used the same or a similar password.
3. Enable Stronger Verification: Wherever possible, activate multi-factor authentication (MFA). This security measure requires a second form of verification, such as a code from a smartphone app or a text message, in addition to your password, significantly enhancing your account’s defense.
In addition, it is very important to ensure that the password for your most valuable accounts used for banking, business, or primary email is never the same as the password you use to register on less trustworthy websites and social media. You can also choose a strong password combination as a precaution.
Maybe you would like other interesting articles?