A massive leak has revealed 183 million email passwords stolen from malware
newYou can now listen to Fox News articles!
A massive online leak has revealed more than 183 million stolen email passwords collected from years of malware infections, phishing campaigns and legacy data breaches. Cybersecurity experts say it’s one of the largest sets of stolen credentials ever discovered.
Security researcher Troy Hunt, who runs the website Have I Been Pwned, found the 3.5TB data set online. The credentials came from information-stealing malware and credential stuffing lists. This malware secretly collects usernames, passwords, and website logins from infected devices.
Researchers say the data contains old and newly discovered credentials. Hunt confirmed that 91% of the data appeared in previous breaches, but about 16.4 million email addresses were completely new to any known data set.
Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – for free when you join my site CYBERGUY.COM Newsletter.
DISCORD confirms that the vendor compromised the user IDs exposed in the ransomware scheme
Cyber experts discovered a 3.5TB data warehouse containing millions of stolen logins. (Kurt “CyberGuy” Knutson)
The real danger behind password leakage
This leak puts millions of users at risk. Hackers often collect stolen logins from multiple sources and compile them into large databases that are circulated on dark web forums, Telegram channels, and Discord servers.
If you reuse passwords across multiple sites, attackers can use this data to break into your accounts through credential stuffing. This method tests stolen username and password pairs on many different platforms.
The risk remains real for anyone using outdated or duplicate credentials. One hacked password can unlock your social media, banking, and cloud accounts.
GOOGLE confirms that the stolen data was compromised by a known hacker group
Researcher Troy Hunt traced the leak to malware that secretly steals passwords from infected devices. (Jens Buettner/Image Alliance via Getty Images)
Google responds to the reports
Google has confirmed that there was no Gmail data breach. In a post on X, the company stated, “Reports of a Gmail security breach affecting millions of users are false. Gmail’s defenses are strong, and users remain protected.”
Google explained that the leak came from information theft databases that collect years of credentials stolen across the web. These databases are often mistaken for new breaches, when in fact they represent ongoing theft activity. Troy Hunt also confirmed that the data set originated from Synthient’s collection of information theft logs, and not from a single platform or recent attack. Although no new breach has occurred, experts warn that leaked credentials remain dangerous because cybercriminals are reusing them to launch future attacks.
How to check if you have been exposed
To see if your email has been affected, visit Have I Been Pwned. This is the first and official source for the newly added dataset. Enter your email address to see if your information appears in the Synthient leak.
Many password managers also include built-in penetration scanning tools that use the same data sources. However, they may not include this new group until their databases are updated.
If your address appears, consider it hacked. Change your passwords instantly and turn on stronger security features to protect your accounts.
Columbia University data breach reaches 870,000 people
The 183 million exposed credentials came from malware, phishing, and legacy data breaches. (Kurt “CyberGuy” Knutson)
9 steps to protect yourself now
Protecting your online life starts with consistent actions. Each step below adds another layer of defense against hackers, malware, and credential theft.
1) Change your passwords immediately
Start with your most important accounts, like email and banking. Use strong, unique passwords made up of letters, numbers, and symbols. Avoid predictable choices like names or birthdays.
Never reuse passwords. One stolen password can unlock multiple accounts. Each login must be unique to protect your data.
A password manager makes this simple. It securely stores complex passwords and helps you create new ones. Many managers also scan for breaches to see if your existing passwords have been exposed.
Next, check if your email has been discovered in a recent credentials leak. Our top pick for password managers includes a built-in penetration scanner that searches trusted databases, including the newly added Synthient data from Have I Been Pwned. It helps you find out if your email or passwords have appeared in any known leaks. If you see a match, change any reused passwords immediately and secure those accounts with strong, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.
2) Enable two-factor authentication (2FA)
employment 2FA Wherever possible. It adds a strong second layer of defense that blocks hackers even if they have your password. You will receive a code via text message, app, or security key. This code ensures that only you can log in to your accounts.
3) Use an identity theft service for ongoing monitoring
Identity theft companies can monitor personal information such as your Social Security number (SSN), phone number, and email address, and alert you if it is sold on the dark web or used to open an account. They can also help you freeze your bank and credit card accounts to prevent further unauthorized use by criminals. It’s a smart way to stay one step ahead of hackers.
Check out my tips and top picks on how to protect yourself from identity theft at Cyberguy.com.
4) Protect your devices with powerful antivirus software
Infostealer malware hides inside fake downloads and phishing attachments. Powerful antivirus software scans your devices to stop threats before they spread. Keep your antivirus software up to date and perform frequent scans. Even one unprotected device can put your entire digital life at risk.
The best way to protect yourself from malicious links that install malware, and potentially access your private information, is to install strong antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware, keeping your personal information and digital assets safe.
Get my picks for the best antivirus protection winners of 2025 for Windows, Mac, Android, and iOS at Cyberguy.com.
5) Avoid saving logins in your web browser
Browsers are convenient but risky. Infostealer malware often targets passwords saved in your web browser.
6) Keep software updated
Updates fix security flaws that hackers exploit. Turn on automatic updates for your operating system, antivirus software, and applications. Staying current keeps threats away.
7) Only download from trusted sources
Avoid unknown sites that offer free downloads. Fake apps and files often contain hidden malware. Use official app stores or authorized company websites.
8) Review your account activity frequently
Check your accounts regularly for unusual logins or device connections. Many platforms display your login history. If something appears, change your password and enable it 2FA Immediately.
9) Consider a personal data removal service
The massive leak of 183 million credentials shows how far your personal information can spread and how easily it can resurface years later in hacker databases. Even if your passwords were part of an old hack, data such as your name, email, phone number or address may still be available through data broker sites. Personal data removal services can help reduce your exposure by deleting this information from hundreds of these sites.
Although no service can guarantee complete removal, it significantly reduces your digital footprint, making it difficult for fraudsters to compare leaked credentials with public data to impersonate or target you. These services monitor your personal information and automatically remove it over time, which gives me peace of mind in today’s threat landscape.
Check out my top picks for data removal services and get a free check to see if your personal information really exists on the web by visiting Cyberguy.com.
Get a free check to see if your personal information is already on the web: Cyberguy.com.
CLICK HERE TO GET THE FOX NEWS APP
Key takeaways for Kurt
This leak highlights the ongoing risk of malware and password reuse. Prevention remains the best defence. Use unique passwords, enable 2FA And stay alert to keep your data safe. Visit Have I Been Pwned today to check your email and take action. The faster you respond, the better you can protect your identity.
Have you ever discovered your data in a breach? What did you do next? Let us know by writing to us at Cyberguy.com.
Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – for free when you join my site CYBERGUY.COM Newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.