Overview
- Have I Been Pwned logged an aggregated trove sourced from Synthient’s yearlong monitoring of infostealer platforms, combining stealer logs with credential-stuffing lists.
- The corpus totals about 3.5 terabytes and roughly 23 billion rows, yielding 183 million unique email/password pairs from many providers, with Gmail heavily represented.
- A sampled analysis found around 92% of entries matched earlier leaks, while approximately 16.4 million email addresses had not been seen in prior breaches.
- Troy Hunt and affected users validated that some entries contained working Gmail credentials, which increases account-takeover risk where passwords are reused.
- Google says its systems were not breached and advises users to check exposure, change compromised passwords, and enable 2-step verification or passkeys, noting it resets passwords when large dumps are detected.