Some 2 billion email addresses and 1.3 billion passwords have been compromised in a series of data breaches highlighted by a cybersecurity company.
Microsoft regional director Troy Hunt, who runs the site Have I Been Pwned, says the stolen data is more extensive than anything the site has ever processed …
To be clear, this isn’t a single data breach. Instead, security company Synthient sought out stolen logins available on the dark web and compiled them into a single database before eliminating duplicates to find out the total number of credentials available. Hunt says the company isn’t exaggerating.
I hate hyperbolic news headlines about data breaches, but for the “2 Billion Email Addresses” headline to be hyperbolic, it’d need to be exaggerated or overstated – and it isn’t. It’s rounded up from the more precise number of 1,957,476,021 unique email addresses, but other than that, it’s exactly what it sounds like. Oh – and 1.3 billion unique passwords, 625 million of which we’d never seen before either. It’s the most extensive corpus of data we’ve ever processed, by a significant margin.
The data was found in what are known as credential-stuffing lists. The first thing a hacker does when they obtain email addresses and passwords from one website is to immediately try them on hundreds of other websites, knowing that many people reuse the same passwords. This is why it is so dangerous not to have unique logins for every app, website and service you use.
What to do
If you want to know whether any of your own logins are found in this database, you can use the Pwned Passwords search feature. Hunt has designed this in such a way that the check is performed locally in your browser so that the site itself never gets to see your password.
If you don’t feel confident in this and are able to write your own code, then you can also use an API.
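The local check described above works by sending only the first five hex characters of the password's SHA-1 hash to the Pwned Passwords range endpoint and comparing the returned suffixes on your own machine. The following is an added example (not Have I Been Pwned's own code) showing that split and the local matching step; the range URL and the `Add-Padding` header follow the public API documentation, and the sample response body with its counts is constructed for offline use.

```python
import hashlib
import urllib.request

# Public Pwned Passwords range endpoint (documented by Have I Been Pwned).
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix, suffix) of the uppercase hex SHA-1 of the password.

    Only the 5-character prefix ever leaves the client; the 35-character
    suffix stays local, which is what keeps the site from seeing the password.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def match_suffix(range_body: str, suffix: str) -> int:
    """Scan a range response ('SUFFIX:COUNT' per line) locally.

    Returns the breach count for our suffix, or 0 if absent. Padded entries
    (returned with the Add-Padding header) carry a count of 0 and are harmless.
    """
    for line in range_body.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        candidate, count = line.split(":", 1)
        if candidate.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix: str) -> str:
    """Live lookup of one hash prefix (network call; not used by the offline demo)."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "hibp-range-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def check_password(password: str, range_body: str) -> int:
    """Combine the split and the local match; the caller supplies the range body."""
    _prefix, suffix = split_hash(password)
    return match_suffix(range_body, suffix)


# Constructed sample response for prefix 5BAA6 (SHA-1 of "password" starts with it).
# The counts are made up; a real response is much longer.
SAMPLE_RANGE = (
    "00000000000000000000000000000000000:0\r\n"      # padding entry
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234\r\n"   # suffix for "password"
    "2A6F3D1C9E8B7A6F5E4D3C2B1A0F9E8D7C6:7\r\n"
)

if __name__ == "__main__":
    print(check_password("password", SAMPLE_RANGE))  # 1234, matched locally
```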
Additionally, you can sign up to be notified if your email address is found in any new breaches. This was how I learned of this particular database, although thankfully the password found was a login I used for a very minor website a great many years ago.
Either way, if you do not already have a unique login for every site you use, now would be a very good time to correct that. Start with the highest value websites like banks, financial services, Apple ID, Google accounts, and so on, and then work your way down.