Original Article Text


Have I Been Pwned adds 284M accounts stolen by infostealer malware

The Have I Been Pwned data breach notification service has added over 284 million accounts stolen by information stealer malware and found on a Telegram channel.

HIBP founder Troy Hunt says he found 284,132,969 compromised accounts while analyzing 1.5TB of stealer logs likely collected from numerous sources and shared on a Telegram channel known as “ALIEN TXTBASE.”

"They contain 23 billion rows with 493 million unique website and email address pairs, affecting 284M unique email addresses," Hunt stated in a Tuesday blog. "We've also added 244M passwords we've never seen before to Pwned Passwords and updated the counts against another 199M that were already in there."

Due to the large number of accounts in this collection, the data likely also includes both old and new credentials stolen through credential stuffing attacks and data breaches.

Before adding the stolen accounts to HIBP's database, Troy confirmed their authenticity by checking if a password reset attempt using the stolen email addresses triggered the service to send a password reset email.

Using newly added APIs (allowing up to 1000 email address searches per minute and stealer log searches), domain owners and website operators (who pay for a monthly subscription) can now identify customers whose credentials were stolen by querying the added stealer logs by email domain or website domain.

When asked if regular users can also find out if their accounts were found in the ALIEN TXTBASE infostealer logs, Troy said they could if they're also subscribed to HIBP notifications.

"But it'll only show what websites their credentials were captured against if they use the notification service to verify their address, I didn't want to show that info publicly as it can expose the use of sensitive services," he said.

"The introduction of these new APIs today will finally help many organisations identify the source of malicious activity and even more importantly, get ahead of it and block it before it does damage," he added.

In December 2021, HIBP also added 441,000 accounts stolen in an information-stealing campaign using RedLine malware, one of the most widely used infostealers at the time. The data was found on an unsecured server, which exposed over 6 million RedLine logs collected in August and September 2021.

More recently, earlier this month, HIBP added the accounts of 12 million Zacks Investment users whose sensitive data (including names, usernames, email addresses, IP addresses, physical addresses, and phone numbers) was exposed in a security breach.

Two years ago, in June 2023, the breach notification service added another database with the email addresses, usernames, unsalted SHA256 passwords, addresses, phone numbers, and full names of another 8.8 million individuals using Zacks' platform.

Daily Brief Summary

DATA BREACH // Over 284 Million Accounts Added to Have I Been Pwned Database

Have I Been Pwned (HIBP) has incorporated over 284 million accounts stolen by infostealer malware into its database.

These accounts were discovered in 1.5TB of stealer logs on a Telegram channel called “ALIEN TXTBASE,” containing data from potentially multiple breaches or credential stuffing attacks.

The compromised data includes 493 million unique website and email address pairs, affecting 284 million unique email addresses.

HIBP founder Troy Hunt verified the authenticity of these accounts and added them to the database after successfully using the email addresses to trigger password reset emails.

Alongside the stolen account data, HIBP has also added 244 million previously unseen passwords to its Pwned Passwords service and updated counts for 199 million already existing records.

New APIs have been introduced allowing domain owners and website operators to search the stealer logs by email or website domain, helping to identify and protect customers whose credentials were compromised.

Regular users subscribed to HIBP notifications can check if their accounts appear in the compromised logs, although detailed site exposure information is only available through these notifications to protect sensitive user data.

HIBP continues to bolster its database with prior additions, including accounts from Zacks Investment and users affected by the RedLine malware infostealing campaign.