Your Email Address and Password Have Been Stolen, As Have Nearly 1 Billion Others

Your Email Address and Password Have Been Stolen, As Have Nearly 1 Billion Others

December 8, 2025

Your email and password might already be in the hands of cybercriminals. Security expert Troy Hunt, who operates Have I Been Pwned, recently received 2 billion unique email addresses found across multiple malicious lists and internet sources, including 1.3 billion unique passwords, according to reports from TechRepublic. This isn’t just another data breach—it’s a massive aggregation of stolen credentials that could put your accounts at serious risk.

The Scoop

The data comes from an aggregated collection by security firm Synthient, which compiles information from various data leaks. After processing, the dataset contained only unique credentials that were intercepted by Infostealer software . These stolen credentials were either freely available on the internet or collected via Telegram groups.

Why This Matters

The access data was intercepted by infostealers, which are malware that get installed on various systems with the sole purpose of collecting sensitive data and passwords. These then either end up directly with hackers, who can use them for phishing campaigns and scam attempts, or they’re sold online to those who may have even more devious intentions . Having your password on this list means cybercriminals could already have the keys to your accounts, your email, financial accounts, social media, and everything else.

Take Action

Don’t wait. Visit Have I Been Pwned immediately and enter your email address to check if you’re affected. There is also a password checker on the site. You simply enter your password, as opposed to your email address and you can see if it’s been compromised. If it has, it may not be yours that was taken, but that password was used somewhere and could be used via credential stuffing to find your accounts.

If your credentials appear, change your passwords right away. Use unique, strong passwords for every account. Enable two-factor authentication wherever possible. Consider using a password manager to keep track of multiple complex passwords. Just keep in mind, if the password manager is compromised, so too are your passwords.

And Then There’s Phishing

Always keep in your mind that if your email address has been compromised at all, you are likely getting spam. A lot of that might be phishing. Watch out for malicious links and if you don’t know the sender or are not expecting any links, don’t click them. If you are not sure, independently verify the link with the sender. Don’t trust contact information in those emails without verification.

Your Security

Is Your Email Account Hacked? What You Need To Know

The reality is these days, stolen email addresses are a dime a dozen. Thanks to relentless data breaches, it’s safe to assume your email address is already in the wrong hands. Although it may not sound like much, it’s a goldmine for further crimes involving you. Considering what a hacker can do with your cracked email account, prevention is always the best medicine. Read on for a few tips to keep your email in your control and also how hackers can use your email against you. READ FULL STORY

Scams & Phishing

Fake Update Ads Steal Your Passwords

We know the cyber-cheats are always out there using every trick in the book to steal our money, identities and whatever else they can get their hands on. So, the next time you’re alerted to a software update, especially one appearing in an online ad, it’s time to step back and take a closer look before tapping “Download.” A latest malvertising campaign lures users into downloading a fake software update. The now custom, improved malware is being used at this very moment and surely will continue doing damage well into the new year. READ FULL STORY

Your Security

Suspecting The Unexpected – When Verification Codes Spell Trouble

There’s a new security challenge to verification codes we use during account logins. These numerical security codes are an extra layer to our identity that helps keep hackers out. But not all verification codes are there to help, especially when they pop up on your device for seemingly no reason. Since hackers love finding sneaky ways of getting beyond our security efforts, they’re now exploiting verification codes – for nefarious and self-serving reasons, of course! READ FULL STORY

Education

How To Create A Strong And Unique Password For Every Account

Most of us know by now not to use the same passwords for different accounts; yet some of us still do. But users who continue to use passwords they know have been exposed in a hack are truly flirting with danger. In a recent study, Google found 1.5% of passwords are still being used despite those users knowing they’ve been compromised. A security researcher discovered more than 22 million unique passwords and over 770 million email addresses were made public on a popular hacker forum earlier this year. READ FULL STORY

Education

Ways To See If Your Data Has Been Stolen

With all the data breaches, whether by intrusion or accident lately, it’s likely your information was exposed somehow to someone you didn’t intend. After all, the marketing company Exactis, exposed hundreds of traits on us in 350 million records. Yahoo let out email addresses and passwords on billions of people, and of course who can forget the massive breach of Equifax just last year. There is a lot of information that gets leaked on us and the more the bad actors have on us, the more targeted their phishing campaigns can be. Checking on whether or not your data is available in the underground can help you mitigate any fraud or identity theft. READ FULL STORY

Email Address

Create a new Verification Phrase Enter any word or words you like.
The email newsletter will arrive from news@stickleyonsecurity.com Please wait...