Follow ZDNET: Add us as a favorite source On Google.
ZDNET Highlights
- Added two new Have I Been Pwned datasets with millions of accounts.
- Emails and passwords exposed in recent data breaches.
- Check if your information has been leaked and know what to do next.
Cybersecurity expert Troy Hunt has added two new sets of compromised account records to the Have I Been Pwned database, which also includes a massive dataset of 183 million accounts.
Have I been taken hostage?
Have I been taken hostage? (HIBP) is a data breach “search engine” that allows anyone to submit their email address to see if any links to a data breach are publicly known.
Too: AT&T customer? Claim Up to $7,500 from the $177 Million Data Breach Settlement β ββDon’t Miss the New Deadline
HIBP is a free service that can give you information about whether your online accounts have been “pounded” or compromised in a data breach. Once you submit your email address for review, you’re told how many, if any, data breaches involved your information being leaked. A timeline will show when the data breach occurred, along with a useful summary of the stolen or dumped data.
Too: I’m removing the password for Passkey for a reason β and it’s not what you think
You can also use HIBP side service, Pand PasswordTo see if a password you commonly use is linked to the exposed dataset.
You may not use the Service to view stolen or leaked data. Instead, HIBP gives you an overview of the compromised data. At the time of writing, the service has been added to 917 breaches, bringing its count to 15.32 billion accounts.
What information is included in these datasets?
According to Have I Been Pond update, First The set contains 183 million records. The data was uploaded to HIBP on 21 October Help Of Synthiant, a shadowy intelligence service that shared data with Hunt. In total, 183 million unique email addresses, the websites they were used on, and the passwords they were associated with were included.
Too: 7 password rules to follow in 2025 from security experts β the last one might surprise you
Second Add Smaller than 3.9 million accounts. Added to HIBP on October 27, this data breach relates to MyVidster, a video-sharing website that was shut down earlier this year and was allegedly used to bookmark and share pornography. Email addresses, usernames, and profile pictures were leaked on public hacking forums.
Why does this dataset matter?
Synthient’s contribution to HIBP is particularly interesting given its sources. The data was collected when researcher Benjamin Brundage was exploring the logging ecosystem, in which website addresses, email addresses and passwords are captured by information-stealing malware loaded onto victim devices.
After crawling sources including Telegram, social media websites and forums, 3.5TB of information was collected β or 23 billion rows of data.
Too: How I easily set up a passkey through my password manager β and why you should too
It is often the case that these types of logs are reposted and recycled, and so Hunt worked with the researcher to investigate whether any logs had already been loaded into HIBP. Overall, 92% of the dataset already existed, but there were still 183 million unique email addresses and 16.4 million previously undiscovered email addresses left in both the HIBP and InfoStealer logs. This highlights that just because data is dumped online does not mean it does not contain legitimate credentials putting our online accounts at risk.
Credential-Stuffing Lists were also In the Synthient dataset, which can be used in automated attacks against organizations. This dataset will be added in the near future once its accuracy is established.
Too: 94% of leaked passwords are not unique – will you guys ever learn?
“The truth is that, unlike the hundreds of other data breaches at Ashley Madison, Dropbox or already at HIBP, the stolen logs are like a firestorm of data that is constantly spewing personal information everywhere,” Hunt said. “The data itself is still on point, but I would like HIBP to better reflect that firehose analogy and provide a constant stream of new data. Until then, Synthiant’s threat data will still be in HIBP and searchable in all the usual ways.”
How will I know if I am included in this collection?
The first step to travel is to take Have I been taken hostage? And submit your email address. You’ll then be able to see which data breaches you’ve been linked to, including Synthient’s dataset.
Too: Why is multi-factor authentication absolutely necessary in 2025?
If you find that your email address has been exposed, make sure you change any passwords associated with it immediately. You may want to reduce your risk by deleting any online accounts you no longer use.
This latest update also teaches the lesson that you should never reuse passwords across your online services. Of course, unique, complex passwords are difficult to remember, but this is where a password manager can help you.
Get our top stories delivered to your inbox every morning Tech Today Newsletter.
