Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

One of the biggest password dumps in recent history has been revealed - but there's an easy way to find out if you're at risk

Representational image depecting cybersecurity protection.

For roughly four months, a gigantic email and password dump was circulating on the dark web, and no one in the cybersecurity community noticed, until now.

Have I Been Pwned? (HIBP) has added a new database containing roughly 71 million email addresses to its platform. The service allows users to see if their email addresses were picked up by threat actors at any time in the past and, if so, which service was breached to obtain the information.

While announcing the new addition, HIBP owner Troy Hunt says he dismissed the database earlier because it seemed to be nothing more than old information - repackaged. Upon closer inspection, however, he determined that a third of the email addresses were brand new, making the data dump “statistically significant”.

Significant data volume

This isn't just the usual collection of repurposed lists wrapped up with a brand-new bow on it and passed off as the next big thing; it's a significant volume of new data,” Hunt wrote. “When you look at the above forum post the data accompanied, the reason why becomes clear: it's from ‘stealer logs’ or in other words, malware that has grabbed credentials from compromised machines.”

When a user types in their email in the Have I Been Pwned? service, if their email pops up under the “Naz.API” submission, that means that they were, most likely, infected by malware at some point in the past (or are infected still). That also means that the malware stole passwords for various services. Unfortunately, it’s difficult to determine which service (unless the user recognizes the unique username/password combination). Some of the services mentioned include Facebook, Yahoo, Roblox, eBay, and others. 

The database counts 319 files, totaling 104GB. Exactly 70,840,771 unique email addresses were exposed, and 427,308 individual Have I Been Pwned? subscribers impacted.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.