Check if your passwords were stolen in a major breach
NEWNow you can listen to News articles!
If you haven’t checked your credentials lately, now is the time.
A staggering 1.3 billion unique passwords and 2 billion unique email addresses appeared online. This event is one of the largest exposures of stolen logins we’ve seen.
This is not the result of a major breach. Instead, Synthient, a threat intelligence company, searched the open and dark web for leaked credentials. You may remember the company from its previous discovery of 183 million exposed email accounts. This time, the scale is much larger.
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
THE MOST USED PASSWORD IN THE UNITED STATES IN 2025 REVEALED
Synthient discovered a massive collection of stolen passwords and email addresses pulled from both the open and dark web. (Kurt “CyberGuy” Knutsson)
Where did this huge treasure come from?
Most of the data comes from credential stuffing lists. Criminals mine these lists of old breaches and use them in new attacks. Synthient went further. Its founder, Benjamin Brundage, collected stolen logins from hundreds of hidden sources on the web.
The data includes old passwords from past violations and new passwords stolen by malware that steals information on infected devices. Synthient partnered with security researcher Troy Hunt, who runs Have I Been Pwned. Verified the data set and confirmed that it contains new exposures.
To test the data, Hunt started with one of his old email addresses. I already knew it had been added to lists of past credentials. When he found it in the new hoard, he contacted trusted Have I Been Pwned users to confirm the findings. Some had never appeared in breaches before, which showed that this leak includes new stolen logins.
183 MILLION EMAIL PASSWORDS LEAKED: CHECK YOURS NOW
Hackers use these stolen logins for credential stuffing attacks targeting accounts on multiple sites. (iStock)
How to check if your passwords have been stolen
To see if your email was affected,
- Visit Have I been fooled?. It is the first and official source of this newly added data set.
- Enter your email address to see if your information appears in the leak.
- When you’re done, Come back here for step 1 below..
WHAT REALLY HAPPENS ON THE DARK WEB AND HOW TO STAY SAFE
Verification tests showed that the data set contains new stolen credentials that had never appeared in previous breaches. (Kurt “CyberGuy” Knutsson)
How to protect yourself after this massive credential leak
These simple actions quickly strengthen your accounts and help you stay ahead of criminals who rely on stolen passwords.
1) Change any exposed password immediately
Don’t leave a leaked known password in place. Change it immediately in every place where you have used it. Create a new login that is strong, unique, and not similar to the old one. This step excludes criminals who already have their credentials stolen.
2) Stop reusing passwords across sites
Avoid reusing passwords across multiple sites. Once hackers get a working email and password pair, they test it on other services. This attack method, called credential stuffing, is still successful because many people recycle the same login. A stolen password should not unlock all the accounts you own.
3) Use a secure password manager
A secure password manager can generate new secure logins for your accounts. Create long, complex passwords that don’t need to be memorized. It also stores them securely so you can log in quickly without taking risky shortcuts. Many password managers also check for breaches to see if your current passwords have been exposed.
Next, check to see if your email has been exposed in previous breaches. Our number one password manager (see Cyberguy.com) includes a built-in breach scanner that checks to see if your email address or passwords have appeared in known breaches. If you discover a match, immediately change any reused passwords and protect those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com
4) Activate two-factor authentication
Even the most secure password can be exposed. Two-factor authentication adds a second step when logging in. You can enter a code from an authenticator app or tap a physical security key. This additional layer blocks attackers who try to access your account with stolen passwords.
5) Protect your devices from malware and install powerful antivirus software
Hackers often steal passwords by infecting your devices. Information-stealing malware hides in phishing emails and fake downloads. Once installed, it gets passwords directly from your browser and apps. Protect your phones and computers with powerful antivirus software. It can detect and block information-stealing malware before it drains your accounts. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best antivirus protection winners of 2025 for your Windows, Mac, Android, and iOS devices at Cyberguy.com
6) Consider switching to passcodes when possible
If you want better protection, start using access keys about the services that support them. Access keys use cryptographic keys instead of text passwords. Criminals cannot guess them or reuse them. They also stop many phishing attacks because they only work on trusted sites. Think of passwords as a secure digital lock for your most important accounts.
7) Use a data deletion service
Data brokers collect and sell your personal data, which criminals can combine with stolen passwords. A reliable data removal service can help you find and remove your information from people search sites. Reducing exposed data makes it harder for attackers to target you with compelling scams and account takeovers.
While no service can guarantee complete removal, they dramatically reduce your digital footprint, making it difficult for scammers to cross-reference leaked credentials with public data to impersonate you or attack you. These services automatically monitor and delete your personal information over time, giving me peace of mind in today’s threat landscape.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com
Get a free scan to find out if your personal information is already available on the web: Cyberguy.com
8) Check your security frequently
Security is not a one-time task. Check your passwords regularly and update old logins before they become a problem. Review which accounts have two-factor authentication enabled and add it where you can. By being proactive, you’ll stay one step ahead of hackers and limit the damage from future breaches.
CLICK HERE TO DOWNLOAD THE News APP
Kurt’s Key Takeaways
Massive leaks like this highlight how fragile digital security can be. Even when you follow best practices, your information can still end up in criminal hands through old breaches, malware, or third-party exposures. Taking a proactive approach puts you in a stronger position. Regular checks, strong passwords and strong authentication give you real protection.
With billions of stolen passwords floating around, do you feel ready to verify yours and strengthen your account security today? Let us know by writing to us at Cyberguy.com
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
Copyright 2025 CyberGuy.com. All rights reserved.
Kurt “CyberGuy” Knutsson is an award-winning technology journalist with a deep love for technology, gear and gadgets that improve lives with his contributions to News and News Business since mornings on “News & Friends.” Do you have any technical questions? Get Kurt’s free CyberGuy newsletter, share your voice, a story idea or comment on CyberGuy.com.