Have You Been Pwned As Well? The Data Breach Notification Service Adds 284 Million Accounts as Stolen by Infostealer Malware

Have I Been Pwned added 284 million accounts compromised by infostealer malware found on a Telegram channel. The breach includes emails, passwords, and website data.
Have You Been Pwned As Well? The Data Breach Notification Service Adds 284 Million Accounts as Stolen by Infostealer Malware
Table of Contents
    Add a header to begin generating the table of contents

    Have I Been Pwned? Says 284 Million Accounts Stolen by Infostealer Malware

    Have I Been Pwned (HIBP), a popular data breach notification service, recently added over 284 million compromised accounts to its database. This massive data breach resulted from information stealer malware. The stolen data was discovered on a Telegram channel called “ALIEN TXTBASE.”

    Details of the Breach

    HIBP founder Troy Hunt detailed the discovery. He found 284,132,969 compromised accounts. The data included 23 billion rows. There were 493 million unique website and email address pairs. This affected 284 million unique email addresses.

    Hunt also stated, “They contain 23 billion rows with 493 million unique website and email address pairs, affecting 284M unique email addresses.”

    The data included 244 million passwords never seen before. Another 199 million passwords, already in the database, were updated.

    The Source of the Data

    The 1.5 terabytes of stealer logs likely came from many sources. The data was shared on the Telegram channel. The logs likely contain both old and new credentials. These were likely stolen through credential stuffing attacks and data breaches.

    Verification and New APIs

    Before adding the data, Hunt verified its authenticity. He checked if password reset attempts triggered emails. New APIs were introduced. These allow up to 1000 email address searches per minute. Domain owners and website operators (with subscriptions) can now identify affected customers. They can query the logs by email or website domain.

    Access for Regular Users

    When asked if regular users could check, Hunt said they could if subscribed to HIBP notifications. However, he limited public access to sensitive service information.

    He said, “But it’ll only show what websites their credentials were captured against if they use the notification service to verify their address, I didn’t want to show that info publicly as it can expose the use of sensitive services.”

    Hunt believes the new APIs will help organizations identify malicious activity.

    He added, “The introduction of these new APIs today will finally help many organisations identify the source of malicious activity and even more importantly, get ahead of it and block it before it does damage.”

    Related Breaches

    HIBP previously added other data breaches. In December 2021, 441,000 accounts stolen by RedLine malware were added. Earlier this month, 12 million Zacks Investment user accounts were added. In June 2023, another 8.8 million Zacks accounts were added.

    Related Posts