Have I Been Pwned adds 284 million stolen accounts stolen accounts

The data breach notification service Have I Been Pwned (HIBP), founded by Troy Hunt, is reporting over 284 million compromised accounts in the latest registered leak. The credentials were stolen by information stealer malware and discovered on a Telegram channel called "ALIEN TXTBASE."

According to Hunt's blog post, the analyzed dataset was massive - approximately 1.5 terabytes of stealer logs likely aggregated from various sources. The collection contained 23 billion rows with 493 million unique website and email address pairs, affecting 284,132,969 unique email addresses.

In addition to the compromised accounts, HIBP has added 244 million previously unseen passwords to its Pwned Passwords database and updated frequency counts for another 199 million existing entries.

The dataset likely includes both fresh credentials and older ones obtained through various methods including credential stuffing attacks and data breaches. Before adding these accounts to HIBP's database, Hunt verified their authenticity by testing if password reset attempts using the stolen email addresses would trigger legitimate reset emails