Have I Been Pwned adds over 284 million compromised passwords from latest breach
Data breach news is reported with such regularity now that it’s easy to feel jaded by each new leak of login details. The scale of this latest breach should give us all pause, however. Have I Been Pwned, the website where you check just how many password leaks your email address has been attached to, reports that 284,132,969 logins have been compromised in this latest data breach. Which is rather a lot.
“In February 2025,” the site explains, “23 billion rows of stealer logs were obtained from a Telegram channel known as ALIEN TXTBASE.” Troy Hunt, the founder of Have I Been Pwned, went into more detail on his blog, explaining that news of this breach came via a contact in a government agency, and consisted of “two files totalling just over 5GB” distributed via Telegram.
“Telegram makes it super easy to publish large volumes of data (such as we’re talking about here) under the veil of anonymity and distribute it en mass”, Hunt explained. This stolen data is basically monetized on a shareware model, like Wolfenstein 3D only instead of having you fight Hitler at the end you lose your Netflix. A smaller subset of the stolen data is provided for free—a mere “36 million rows” of email addresses and passwords—with the rest available after paying a subscription fee.
These passwords are normally obtained via malware. Users are tricked by a website that looks legit, download software with an “infostealer” attached, and then any credentials they subsequently input are stolen and logged to be sold as part of an archive like the one distributed via Telegram.
Instead of ending this news story in the traditional fashion, by berating you into using a password manager and improving your infosec, instead let me remind you that creating the ideal password can also be a super fun not-at-all-infuriating videogame.
Source link
