New password leak has 71 million emails in it

This password leak also contains 100 million unique passwords. Spoiler: it probably has yours.


Are you still reusing passwords between your different accounts in 2024? You should rethink that, because this giant password leak could well include your details.

Troy Hunt, creator of the helpful Have I Been Pwned website for finding out if your details are in password leaks, says this new leak is one of the largest he’s ever seen.

Dubbed “Naz.API,” this credential stuffing list (used by hackers to try email and password combinations rapidly on their target) has a staggering 70 million email addresses and over 100 million passwords inside.

And unlike many lists on Have I Been Pwned, “a third of the email addresses have never been seen before.”

If you haven’t already, it’s time to start using a password manager, preferably one that supports two-factor authentication. Enable two-factor authentication on the services that support it while you’re changing passwords.

Then read on for the rest.

New password leak probably has your details inside

If you’re wondering where the data inside this password leak came from, Hunt says it was from “stealer logs”: the records produced by malware on infected computers that captures login details and then sends them out to the hackers.

In a year of high-profile password and data leaks from companies such as LastPass and 23andMe, the Naz.API dump is huge. Hunt tested enough of the service+email combinations to be satisfied that the data was legit.

He even found his own data in there, with a password he hadn’t used since before 2011. That’s joined by over 100 million unique passwords, which are repeated enough times that the full password leak contains 1.3 billion entries.

As Hunt notes, the number of recurring passwords means that the general public likely isn’t using a password manager with unique passwords for every service. Maybe it’s time to start.


Maker, meme-r, and unabashed geek with nearly half a decade of blogging experience at KnowTechie, SlashGear and XDA Developers. If it runs on electricity (or even if it doesn't), Joe probably has one around his office somewhere, with particular focus in gadgetry and handheld gaming. Shoot him an email at joe@knowtechie.com.
