Huge password breach exposes billions of stolen credentials online
NEWYou can now listen to Fox News articles!
If you haven’t checked your credentials lately, now is the time.
A staggering 1.3 billion unique passwords and 2 billion unique email addresses have appeared online. This incident is one of the largest disclosures of stolen login information we have seen.
This is not the result of a major breach. Instead, Synthient, a threat intelligence firm, searched the open and dark web for the leaked credentials. You may remember the company from its previous discovery of 183 million exposed email accounts. This time the scale is much larger.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent safety alerts and special deals straight to your inbox. You’ll also get instant access to my Ultimate Scam Survival Guide — free when you join me CYBERGUY.COM bulletin.
AMERICA’S MOST USED PASSWORDS IN 2025 HAVE BEEN REVEALED
Synthient uncovered a massive collection of stolen passwords and email addresses taken from both the open and dark web. (Kurt “CyberGuy” Knutsson)
Where did this huge treasure come from?
Most of the data comes from credential filling lists. Criminals take these lists from old breaches and use them in new attacks. Synthient went even further. Its founder, Benjamin Brundage, collected stolen login credentials from hundreds of confidential sources across the web.
The data contains old passwords past violations and new passwords stolen by information-stealing malware on infected devices. Synthient has partnered with security researcher Troy Hunt, who runs Have I Been Pwned. He validated the dataset and confirmed that it contained new risks.
Hunt started with one of the old email addresses to test the data. He already knew he had been added to past credential stuffing lists. When he found it in the new stash, he reached out to trusted Have I Been Pwned users to verify his findings. Some had never been breached before, proving that this leak contained newly stolen login credentials.
183 MILLION EMAIL PASSWORDS LEAKED: CHECK YOURSELF NOW
Hackers use these stolen login credentials for credential stuffing attacks that target accounts across multiple sites. (iStock)
How can you check if your passwords have been stolen?
To see if your email is affected
- Visit Have I been pwned?. It is the first and official source of this newly added dataset.
- Enter your email address to find out if your information appears in the leak.
- When it’s over, Return here for Step 1 below.
WHAT IS ACTUALLY HAPPENING ON THE DARK WEB AND HOW TO STAY SAFE?
Verification tests showed that the dataset contained new stolen credentials that had never been exposed in previous breaches. (Kurt “CyberGuy” Knutsson)
How do you protect yourself after this major credential leak?
These simple actions will quickly strengthen your accounts and help you stay ahead of criminals relying on stolen passwords.
1) Change exposed passwords immediately
Do not leave a known leaked password in place. Change it immediately on every site you use. Create a new login name that is strong, unique and unlike any other. This step stops criminals who already have your stolen credentials.
2) Stop reusing passwords between sites
Avoid reusing passwords between sites. Once hackers get a working email and password pair, they try it on other services. This attack method, called credential stuffing, is still successful because many people recycle the same login information. A stolen password shouldn’t unlock every account you have.
3) Use a strong password manager
A strong password manager can create new secure logins for your accounts. Generates long, complex passwords that you don’t have to memorize. It also stores them securely, so you can log in quickly without resorting to risky shortcuts. Many password managers also scan for breaches to see if your existing passwords have been compromised.
Next, see if your email has been subject to past breaches. Our #1 password manager (see cyberguy.com) pick includes a built-in breach scanner that checks to see if your email address or passwords appear in known leaks. If you find a match, immediately replace reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at: cyberguy.com
4) Turn on Two-Factor Authentication
Even the strongest password can be revealed. Two-factor authentication Adds a second step when you log in. You can enter a code from the authentication app or tap a physical security key. This extra layer blocks attackers trying to access your account with stolen passwords.
5) Protect your devices from malware and install strong antivirus software
Hackers often steal your passwords by infecting your devices with viruses. Information-stealing malware hides within phishing emails and fake downloads. Once installed, it retrieves passwords directly from your browser and applications. Protect your phones and computers with powerful antivirus software. It can detect and block information-stealing malware before it drains your accounts. This protection also keeps your personal information and digital assets safe by alerting you to phishing emails and ransomware scams.
Get my picks for the 2025 best antivirus protection winners for your Windows, Mac, Android, and iOS devices at: cyberguy.com
6) Consider switching to toggle switches whenever possible
If you want better protection, start using toggle switches about the services that support them. Passkeys use cryptographic keys instead of text passwords. Criminals cannot guess or reuse them. They also stop many phishing attacks because they only work on trusted sites. Think of passkeys as a secure digital lock for your most important accounts.
7) Use a data removal service
Data brokers collect and sell your personal information, which criminals can combine with stolen passwords. A reliable data removal service can help locate and remove your information from people search sites. Reducing your exposed data makes it harder for attackers to target you with credible scams and account takeovers.
While no service can guarantee complete deletion, it greatly reduces your digital footprint, making it harder for fraudsters to cross-reference leaked credentials and public data to impersonate or target you. These services track and automatically remove your personal information over time; This gives me peace of mind in today’s threat environment.
Check out my top picks for data removal services and get a free scan to see if your personal information is already on the internet by visiting: cyberguy.com
Take advantage of free scanning to find out if your personal information is already on the internet: cyberguy.com
8) Review your security frequently
Security is not a one-time task. Check your passwords regularly and update your old logins before they cause problems. Review which accounts have Two-factor authentication turned on and add it wherever possible. By staying proactive, you stay one step ahead of hackers and limit the damage from future leaks.
CLICK TO DOWNLOAD FOX NEWS APPLICATION
Kurt’s important takeaways
Major leaks like this highlight how fragile digital security can be. Even if you follow best practices, your information may fall into the hands of criminals due to past breaches, malware, or third-party exposure. Taking a proactive approach puts you in a stronger position. Regular checks, secure passwords and strong authentication give you real protection.
With billions of stolen passwords floating around, do you feel ready to check your own password and tighten up your account security today? Let us know by writing to us. cyberguy.com
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent safety alerts and special deals straight to your inbox. You’ll also get instant access to my Ultimate Scam Survival Guide — free when you join me CYBERGUY.COM bulletin.
Copyright 2025 CyberGuy.com. All rights reserved.
