Overview
- Security researcher Troy Hunt processed the trove for Have I Been Pwned, calling it the service’s largest dataset to date.
- Roughly 625 million of the 1.3 billion passwords were previously unknown to researchers.
- Samples checked by Hunt show many of the exposed passwords are still in active use, including some more than a decade old.
- The collection is reported to originate from threat‑intelligence platform Synthient and is already circulating in criminal forums for automated account attacks and sales.
- Individuals can run anonymous checks on haveibeenpwned.com and are urged to change affected logins, use a password manager, and enable two‑factor authentication.