Millions of stolen login details are currently circulating across the web, shared between cybercriminals through channels like Telegram, forums, and the dark web. Cybersecurity firm Synthient aggregated this vast amount of data, creating a massive database containing 183 million unique email addresses.
Source of the Leak
Synthient explains that most of these credentials were shared on Telegram and originated from information stealer malware infections. The data was not exfiltrated by hacking into organizations’ systems, but by infecting individual users with malware.
The data came from primary sellers of stolen information, aggregators who repost logs from info stealers, and other miscreants who help spread the malware. To better understand adversary infrastructure, Synthient collected and parsed this information, then compiled the massive dataset.
Database Scale and Verification
The resulting database was colossal: 3.5 terabytes containing 23 billion rows of leaked email addresses, passwords, and the websites where the credentials were used.
Troy Hunt, maintainer of the data breach notification service Have I Been Pwned, confirmed that the data is genuine. He noted that while most credentials were already in the service's existing database, a substantial portion—16.4 million email addresses—were entirely new. These new email addresses, along with the sites they were used on, are now searchable on Have I Been Pwned.
Hunt also pointed out that the Synthient data included not only infostealer logs but also credential stuffing lists, which are often collected from breaches and used to take over accounts on various platforms.
Google’s Response and Protection
Crucially, the data did not originate from a single breach, let alone one at Gmail, despite some inaccurate news headlines. Google issued a firm response, stating that reports of a "Gmail security breach impacting millions of users" were false.
Google explained that these inaccurate reports stem from a misunderstanding of infostealer databases, which routinely compile various credential theft activities occurring across the web.
The best defense against credential theft, according to Google and other security experts, is using multi-factor authentication (MFA) and switching to more secure methods like passkeys. Users should also promptly reset passwords whenever large batches of leaked credentials emerge to minimize their risk.