Have I Been Pwned adds a billion new passwords to its database

Have I Been Pwned is a free service that anyone may use to check for password leaks associated with email addresses. All it takes is an email address; the service then lists the known breaches in which that address was found.

A listing does not mean that the account has been compromised, as strong passwords may prevent that from happening too quickly, but it is a good idea to change the affected passwords.

Troy Hunt, the creator of the service, adds new public collections of passwords and other sensitive data to the service regularly. Just this week, he revealed that more than 1.3 billion new passwords were added to the main database of the service.

The passwords come from the Synthient database, a collection of passwords from various sources, including Telegram groups and publicly accessible cloud storage locations. The majority of the data appears to have been stolen by infostealers.

Good to know: Infostealers are a specific type of malware that records usernames and passwords on infected PCs or mobile devices. The data is then submitted to servers on the Internet, where it is sometimes publicly accessible.

The new database entries consist of username and password combinations. The database entry reveals two billion affected accounts and 1.3 billion unique passwords, all of which are now searchable via Have I Been Pwned. At least part of the data consists of old account passwords that are no longer in use. New passwords are also found in the database, but the ratio is unclear.

Tip: If you use the KeePass password manager, you can run local checks as well against all stored passwords.

Recommendations for affected accounts

Users who notice that their accounts are affected may want to consider doing the following:

  1. Immediately change the passwords of affected accounts.
  2. Change the password of any account that has not been breached but uses the same password or a slight variation of it, such as "password", "password1" and so on.
  3. Enable two-factor authentication.

Other options include switching from using passwords to passkeys, but these are not supported by all services yet.

Note that some breach entries do not list a service. This is the case when passwords came from a source that can't be associated with a specific Internet service.

You can check out this guide on the potential risks and how to protect your accounts, which offers additional explanations and tips on staying secure.

Have I Been Pwned is a free service.

Now You: Do you use services like Have I Been Pwned to check if your passwords were found in a breach? Feel free to leave a comment down below.

Thank you for being a Ghacks reader. The post Have I Been Pwned adds a billion new passwords to its database appeared first on gHacks Technology News.
