Overview
- Troy Hunt added the trove to Have I Been Pwned, allowing anyone to check if their email appears in the newly indexed dataset.
- Synthient says the logs were aggregated over about a year from criminal marketplaces and Telegram channels and submitted for analysis in October.
- The dataset includes roughly 183 million unique email–password pairs with about 16.4 million addresses not seen in prior breaches while about 91% match earlier exposures.
- Google says it resets passwords when it detects credential theft and urges users to enable 2‑step verification or passkeys to reduce account‑takeover risk.
- Security experts warn of active credential‑stuffing attacks and recommend changing passwords now, avoiding reuse, and using a trusted password manager instead of browser storage.