Two billion email addresses were exposed
16 days ago
- #Password Security
- #Cybersecurity
- #Data Breach
- A massive data breach exposed 1.957 billion unique email addresses and 1.3 billion unique passwords, 625 million of which were previously unseen.
- Credential stuffing lists originate from other breaches and are used to access unrelated accounts due to password reuse.
- Data verification involved checking personal and subscriber data, revealing active and old passwords still in use.
- Pwned Passwords allows anonymous checks of compromised passwords without linking them to email addresses.
- The breach is not a Gmail-specific issue; Gmail addresses are just part of the 32 million domains affected.
- Technical challenges included processing the large dataset, optimizing SQL Server, and managing email notifications.
- Notifications were sent gradually to avoid email server throttling, with domain notifications sent instantly.
- The data is now searchable in HIBP as the Synthient Credential Stuffing Threat Data.
- Recommendations include using password managers, strong unique passwords, passkeys, and multi-factor authentication.
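
The anonymous Pwned Passwords check mentioned above can be made without sending the password, or even its full hash, anywhere. This is an added example, not code from the original post or from HIBP: it follows the public range lookup (a 5-character SHA-1 prefix is sent, `SUFFIX:COUNT` lines come back, zero-count lines are padding), and `fetch_range`, `make_fake_service` and the sample response are constructed stand-ins for the HTTP call so it runs offline.

```python
import hashlib


def split_hash(password):
    """Return (prefix, suffix) of the SHA-1 hex digest; only the prefix leaves the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}, dropping padding and malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.isdigit():
            continue  # malformed line: ignore rather than fail the whole lookup
        if int(count) > 0:  # count 0 marks a padding entry, not a real hit
            counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password, fetch_range):
    """How many times the password appears, comparing suffixes locally."""
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def make_fake_service(known):
    """Constructed stand-in for the range endpoint (hypothetical helper).

    known maps password -> count. Returns (fetch_range, seen_prefixes) so the
    caller can inspect exactly what the "server" was told.
    """
    seen_prefixes = []

    def fetch_range(prefix):
        seen_prefixes.append(prefix)
        lines = ["0" * 35 + ":0"]  # constructed padding entry
        for pw, n in known.items():
            p, s = split_hash(pw)
            if p == prefix:
                lines.append(f"{s}:{n}")
        return "\r\n".join(lines)

    return fetch_range, seen_prefixes


if __name__ == "__main__":
    fetch, seen = make_fake_service({"password": 12345})  # constructed count
    print(pwned_count("password", fetch), seen)
```

The service only ever sees the prefixes recorded in `seen_prefixes`, and no email address is part of the request, which is why a hit cannot be tied back to an account.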