NEWYou can now listen to articles!
If you have not checked your credentials lately, now is the time.
A staggering 1.3 billion unique passwords and 2 billion unique email addresses surfaced online. This event is one of the largest exposures of stolen logins we have seen.
This is not the result of one major breach. Instead, Synthient, a threat intelligence firm, searched the open and dark web for leaked credentials. You may remember the company from its earlier discovery of 183 million exposed email accounts. This time, the scale is far larger.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
AMERICA’S MOST-USED PASSWORD IN 2025 REVEALED
Synthient uncovered a massive collection of stolen passwords and email addresses pulled from both the open and dark web. (Kurt “CyberGuy” Knutsson)
Where this huge trove came from
Most of the data comes from credential stuffing lists. Criminals pull these lists from old breaches and use them in new attacks. Synthient went further. Its founder Benjamin Brundage gathered stolen logins from hundreds of hidden sources across the web.
The data includes old passwords from past breaches and fresh passwords stolen by info-stealing malware on infected devices. Synthient partnered with security researcher Troy Hunt, who runs Have I Been Pwned. He verified the dataset and confirmed that it contains new exposures.
To test the data, Hunt started with one of his old email addresses. He already knew it had been added to past credential stuffing lists. When he found it in the new trove, he reached out to trusted Have I Been Pwned users to confirm the findings. Some had never appeared in breaches before, which proved that this leak includes new stolen logins.
183 MILLION EMAIL PASSWORDS LEAKED: CHECK YOURS NOW
Hackers use these stolen logins for credential stuffing attacks that target accounts across multiple sites. (iStock)
How to check if your passwords were stolen
To see if your email was affected,
- Visit Have I Been Pwned. It is the first and official source for this newly added dataset.
- Enter your email address to find out if your information appears in the leak.
- When done, come back here for Step 1 below.
WHAT REALLY HAPPENS ON THE DARK WEB, AND HOW TO STAY SAFE
Verification tests showed that the dataset contains fresh stolen credentials that had never appeared in earlier breaches. (Kurt “CyberGuy” Knutsson)
How to protect yourself after this massive credential leak
These simple actions strengthen your accounts fast and help you stay ahead of criminals who rely on stolen passwords.
1) Change any exposed passwords immediately
Do not leave a known leaked password in place. Change it right away on every site where you used it. Create a new login that is strong, unique and not similar to your old one. This step cuts off criminals who already have your stolen credentials.
2) Stop reusing passwords across sites
Avoid reusing passwords across sites. Once hackers get a working email and password pair, they try it on other services. This attack method, called credential stuffing, still succeeds because many people recycle the same login. One stolen password should not unlock every account you own.
3) Use a strong password manager
A strong password manager can generate new secure logins for your accounts. It creates long, complex passwords that you do not have to memorize. It also stores them safely so you can sign in quickly without taking risky shortcuts. Many password managers also scan for breaches to see if your current passwords have been exposed.
Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com
4) Turn on Two-Factor Authentication
Even the strongest password can be exposed. Two-factor authentication adds a second step when you log in. You may enter a code from an authenticator app or tap a physical security key. This extra layer blocks attackers who try to access your account with stolen passwords.
5) Protect your devices from malware and install strong antivirus software
Hackers often steal passwords by infecting your devices. Info-stealing malware hides inside phishing emails and fake downloads. Once installed, it pulls passwords straight from your browser and apps. Protect your phones and computers with strong antivirus software. It can detect and block info-stealing malware before it drains your accounts. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
6) Consider switching to passkeys when possible
If you want better protection, start using passkeys on services that support them. Passkeys use cryptographic keys instead of text passwords. Criminals cannot guess or reuse them. They also stop many phishing attacks because they only work on trusted sites. Think of passkeys as a secure digital lock for your most important accounts.
7) Use a data removal service
Data brokers collect and sell your personal details, which criminals can combine with stolen passwords. A trusted data removal service can help find and remove your information from people-search sites. Reducing your exposed data makes it harder for attackers to target you with convincing scams and account takeovers.
While no service can guarantee total removal, they drastically reduce your digital footprint, making it harder for scammers to cross-reference leaked credentials with public data to impersonate or target you. These services monitor and automatically remove your personal info over time, which gives me peace of mind in today’s threat landscape.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com
8) Review your security often
Security is not a one-time task. Check your passwords on a regular schedule and update older logins before they become a problem. Review which accounts have Two-factor authentication turned on and add it where you can. By staying proactive, you stay one step ahead of hackers and limit the damage from future leaks.
CLICK HERE TO DOWNLOAD THE APP
Kurt’s key takeaways
Massive leaks like this one highlight how fragile digital security can be. Even when you follow best practices, your information can still land in criminal hands through old breaches, malware or third-party exposures. Taking a proactive approach puts you in a stronger position. Regular checks, secure passwords and strong authentication give you real protection.
With billions of stolen passwords floating around, do you feel ready to check your own and tighten your account security today? Let us know by writing to us at Cyberguy.com
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
