A massive compilation of stolen data has surfaced, containing nearly 2 billion unique email addresses and 1.3 billion passwords, according to cybersecurity expert Troy Hunt of Have I Been Pwned. The trove wasn’t from a single breach — security firm Synthient gathered login details from numerous dark-web leaks and merged them into the largest credential dataset Hunt has ever processed. Over 625 million of the passwords were previously unseen.
These credentials appear in “credential-stuffing” lists used by hackers to try reused passwords across many sites, making password reuse especially dangerous. Users can check if their passwords appear in the database using Have I Been Pwned’s local, privacy-safe Pwned Passwords tool, or subscribe for breach alerts. Experts strongly advise using unique passwords for every account, starting with high-value services like banking and email.
Source: 9to5Mac
