How did hackers get 71 million of our passwords? Troy Hunt reveals secrets of the biggest data dump ever

Brother

You can find out if you are a victim of a leak in two clicks.

Almost 71 million unique login credentials for sites such as Facebook*, Roblox, eBay, and Yahoo were found online. The leak has been circulating on the Internet for at least four months, and was reported by researcher Troy Hunt, operator of the Have I Been Pwned? (HIBP) security breach notification service. According to him, the databases were published on a well-known underground market that sells compromised credentials.

Hunt notes that he usually doesn't pay attention to such leaks, since they are often just repackaged previously published passwords from previous malware campaigns. However, this time the researcher found about 25 million passwords that were not previously merged.

The scale of the leak is 319 files with a total volume of 104 GB, including 70,840,771 unique email addresses and the passwords for them. Hunt stressed that this is a significant amount of data, especially considering that such data is usually extracted using infostealers deployed on compromised systems.

It is noteworthy that the passwords in the array are presented in plain text. This is uncharacteristic for leaks from websites where credentials are usually cryptographically hashed. In addition, most of the detected credentials are weak and easily susceptible to password-guessing attacks.

Hunt confirmed the authenticity of the detected data by contacting people at some of the specified email addresses. They confirmed that the listed credentials were or still remain up-to-date.

Hunt also noted that most of the credentials in this leak did not come from malware, but were obtained as a result of the "Credential stuffing" attack, when cybercriminals collect large amounts of stolen data from previous leaks, and then select up-to-date passwords for them through special software.

You can find out whether your credentials specifically fell into the hands of intruders, and which services were the source of the leak, on the aforementioned site "Have I Been Pwned?".
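The password side of that check can be done without ever sending the password itself: the Have I Been Pwned Pwned Passwords service takes only the first five hex characters of the password's SHA-1 hash and returns every known suffix under that prefix, so the match is made locally. The example below is added here and is not code from the post or from HIBP; the range response and its count are constructed so the code runs offline, while `fetch_range` shows the live query against the public range endpoint.

```python
import hashlib
from typing import Callable
from urllib.request import urlopen

# Public k-anonymity endpoint: only a 5-character hash prefix is sent.
RANGE_API = "https://api.pwnedpasswords.com/range/"

# Constructed sample of what a range response looks like (suffix:count per line).
# The counts are made up for this example, not real HIBP figures.
SAMPLE_RANGE_RESPONSE = "\r\n".join([
    "1D2DA4053E34E76F6576ED1DA63134B5E2A:2",
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:123456",   # suffix of SHA-1("password")
    "1F2B668E8AABEF1C59E9EC6F82E3F3CD786:1",
])


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the form the range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def parse_range_response(body: str, suffix: str) -> int:
    """Return how often `suffix` (the remaining 35 hex chars) appears in a range response."""
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # prefix matched nothing: not in the corpus


def fetch_range(prefix: str) -> str:
    """Live lookup: fetch all suffixes for a 5-character SHA-1 prefix."""
    with urlopen(RANGE_API + prefix, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, fetch: Callable[[str], str] = fetch_range) -> int:
    """Number of times the password appears in Pwned Passwords (0 = not found).
    The password hash is split locally; only the prefix leaves the machine."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range_response(fetch(prefix), suffix)


if __name__ == "__main__":
    # Offline demo against the constructed response; drop the lambda to query HIBP.
    print(pwned_count("password", lambda _prefix: SAMPLE_RANGE_RESPONSE))
```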

To ensure password security, we recommend creating long, randomly generated passwords or phrases that contain letters in different cases, numbers, and special characters. And even such passwords need to be changed regularly.

The use of two-factor authentication and the new industry standard for authentication — Passkey, which is resistant to theft through malicious applications and phishing of credentials, is also an important element of digital security in our time.