New password leak has 71 million emails in it
This password leak also contains 100 million unique passwords. Spoiler: it probably has yours.
Are you still reusing passwords between your different accounts in 2024? You should rethink that, because this giant password leak could well include your details.
Troy Hunt, creator of the helpful Have I Been Pwned website for finding out if your details are in password leaks, says this new leak is one of the largest he’s ever seen.
Dubbed “Naz.API,” this credential stuffing list (used by hackers to try email and password combinations rapidly on their target) has a staggering 70 million email addresses and over 100 million passwords inside.
And unlike many lists on Have I Been Pwned, “a third of the email addresses have never been seen before.”
If you haven’t already, it’s time to start using a password manager, preferably one that supports two-factor authentication. While you’re changing passwords, enable two-factor authentication on every service that supports it.
Then read on for the rest.
New password leak probably has your details inside
New breach: The Naz.API stealer logs and cred stuffing lists were posted to a hacking forum in Sep. Data included 71M email addresses and 100M plain text passwords, often alongside the service they were used for. 67% were already in @haveibeenpwned. More: https://t.co/Uef4G7gOei
— Have I Been Pwned (@haveibeenpwned) January 17, 2024
If you’re wondering where the data inside this password leak came from, Hunt says it was from “stealer logs,” the data collected by malware on infected computers that captures login details and then sends them out to the hackers.
In a year of high-profile password and data leaks from companies such as LastPass and 23andMe, the Naz.API dump is huge. Hunt tested enough of the service+email combinations to be satisfied that the data was legit.
He even found his own data in there, with a password he hadn’t used since before 2011. That’s joined by over 100 million unique passwords, which are repeated enough times that the full password leak contains 1.3 billion entries.
As Hunt notes, the number of recurring passwords means that the general public likely isn’t using a password manager with unique passwords for every service. Maybe it’s time to start.