Massive Email Password Leak Exposes 183 Million Credentials, Including 16 Million New Ones

A huge leak of 183 million email passwords assembled from old malware infections, data breaches, and phishing scams has been discovered, putting many at risk. Most of the credentials are from previous breaches, but over 16 million are newly identified.

Source and Impact:

• Security researcher Troy Hunt identified a 3.5 TB database of stolen credentials.

• Most data is old, but millions of new email/passwords surfaced.

• Data circulates on the dark web, Telegram, and Discord, and is used in credential stuffing attacks.

• Google confirmed no Gmail-specific breach; data came from various incidents over the years.

What To Do:

• Check if affected at the Have I Been Pwned website.

• Change passwords immediately, especially for important accounts.

• Use unique, strong passwords for each account; password managers are recommended.

• Enable two-factor authentication (2FA) on all accounts.

• Use antivirus software and keep it updated.

• Don't save passwords in browsers.

• Only download apps/software from trusted sources.

• Regularly review account activity for unusual logins.

• Consider using personal data removal and identity theft monitoring services.

Ongoing Risk:

• Hackers reuse old credentials for new attacks.

• Data can resurface for years; always use the best security practices.