The popular breach notification service Have I Been Pwned? (HIBP) has recently added 284 million breached email addresses to its database. The new data stems from 1.5TB of logs collected from various information-stealing malware, credential-stuffing attacks and data breaches that were collated and shared on Telegram.
The data also included 244 million passwords that weren’t already in its Pwned Passwords database of 199 million passwords.
HIBP allows domain owners and website operators to sign up for a monthly subscription that offers access to an API they can use to query HIBP records by domain. Regular, free-tier users will only be advised if their email account was involved in the breach, with no further details, such as the website and password used.
Source: Bleeping Computer
The addition of 284 million stolen accounts to HIBP highlights the massive scale of credential theft via infostealer malware and the ongoing risks posed by compromised accounts.
These credentials, which were harvested from infected devices, often include email addresses, usernames, passwords, browser-stored data, and authentication tokens. This data is extremely valuable for credential-stuffing attacks, phishing campaigns, and further compromise of corporate networks.
Both nation-state and criminal threat actors rely on leaked credentials and data to facilitate attacks. For example, recent research revealed that Salt Typhoon, a sophisticated Chinese state-sponsored cyber actor, used stolen credentials to gain initial access to the networks of several US-based telecoms and internet service providers. This led to the potential breach of communication habits of millions of Americans.
Field Effect’s Security Intelligence professionals constantly monitor the cyber threat landscape for emerging threats. Field Effect strongly recommends organizations adopt dark web monitoring, which is included with Field Effect MDR Complete, to proactively uncover leaked credentials and personal information before threat actors can use them to facilitate access to their network.
Personal users are encouraged to query HIBP data for their own email addresses and secure them accordingly.