Summary: The “Have I Been Pwned” service has integrated approximately 284 million accounts compromised by stealer malware, discovered on a Telegram channel. This includes newly added passwords and updates on existing ones, helping organizations better understand and combat credential theft. The introduction of new APIs allows efficient searches for affected users by domain or website.
Affected: Have I Been Pwned (HIBP) service and various organizations relying on user credentials
Keypoints :
- 284 million compromised accounts were identified in logs from a Telegram channel called “ALIEN TXTBASE.”
- Troy Hunt confirmed the authenticity of stolen accounts through password reset attempts.
- New APIs allow organizations to search for stolen credentials by email or website domain.
- Regular users can subscribe to notifications to check if their accounts were affected but with limited information access.
- The data may contain both old and new credentials stolen through various methods.