NEWNow you can listen to Fox News articles!
If you haven't checked your credentials lately, now is the time.
There are a staggering 1.3 billion unique passwords and 2 billion unique email addresses online. This event is one of the largest revelations of stolen logins we've ever seen.
This is not the result of one major violation. Instead, threat intelligence company Synthient searched the open and dark web. leak of credentials. You may remember this company from its earlier discovery of 183 million open email accounts. This time the scale is much larger.
Subscribe to my FREE CyberGuy Report
Get my best tech tips, breaking security alerts, and exclusive offers straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
THE MOST USED PASSWORD IN AMERICA IN 2025 REVEALED
Synthient discovered a huge collection of stolen passwords and email addresses taken from both the open and dark web. (Kurt “CyberGuy” Knutsson)
Where did this huge find come from?
Most of the data comes from credential lists. Criminals extract these lists from old violations and use them in new attacks. Synthient has gone even further. Its founder, Benjamin Brundage, collected stolen logins from hundreds of hidden sources on the Internet.
Data includes old passwords from past violations and new passwords stolen by information-stealing malware on infected devices. Synthient is collaborating with security researcher Troy Hunt, who leads I was punished. He checked the dataset and confirmed that it contained new exposures.
To verify the data, Hunt started with one of his old email addresses. He already knew that he had been added to past credential lists. When he found it in the new treasure trove, he turned to trusted Have I Been Pwned users to confirm the findings. Some of them have never been hacked before, which proves that this leak includes new stolen logins.
183 Million Email Passwords Leaked: Check Yours Now
Hackers use these stolen credentials to launch credential stuffing attacks that target accounts on multiple sites. (iStock)
How to check if your passwords have been stolen
To find out if your email has been affected,
- Visit I was banned. This is the first and official source of this newly added dataset.
- Enter your email address to see if your information appears in the leak.
- When you're done, come back here for step 1 below.
WHAT REALLY HAPPENS ON THE DARK WEB AND HOW TO STAY SAFE
Validation tests showed that the dataset contained fresh stolen credentials that had never appeared in previous breaches. (Kurt “CyberGuy” Knutsson)
How to protect yourself after a massive credentials breach
These simple steps will quickly strengthen your accounts and help you stay ahead of criminals who rely on stolen passwords.
1) Immediately change all open passwords.
Don't leave a known leaked password in place. Change it immediately on each site where you used it. Create a new login that is secure, unique and different from your old one. This step cuts out criminals who already have your stolen credentials.
2) Stop reusing passwords across different sites.
Avoid reusing passwords across different sites. Once hackers have a working email and password pair, they try to use it on other services. This attack method, called credential stuffing, continues to be successful because many people reuse the same login. One stolen password shouldn't unlock every account you have.
3) Use a strong password manager.
A reliable password manager can create new, secure logins for your accounts. It creates long and complex passwords that you don't have to remember. It also stores them securely so you can quickly log in without using risky shortcuts. Many password managers also scan for violations to determine if your current passwords have been compromised.
Next, check to see if your email has been compromised in past hacks. Our #1 password manager (see. Cyberguy.com) Pick includes a built-in breach scanner that checks to see if your email address or passwords have been involved in known breaches. If you find a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best password managers of 2025, reviewed by experts, at Cyberguy.com
4) Enable two-factor authentication.
Even the most secure password can be compromised. Two-factor authentication adds a second step to login. You can enter a code from an authentication app or press a physical security key. This additional layer blocks attackers who try to gain access to your account using stolen passwords.
5) Protect your devices from malware and install powerful antivirus software.
Hackers often steal passwords by infecting your devices. Information-stealing malware lurks inside phishing emails and fake downloads. Once installed, it retrieves passwords directly from your browser and applications. Protect your phones and computers with powerful antivirus software. It can detect and block information-stealing malware before it drains your accounts. This protection can also alert you to phishing emails and ransomware, keeping your personal information and digital assets safe.
Get my picks for 2025's top antivirus protection winners for your Windows, Mac, Android, and iOS devices at Cyberguy.com
6) Consider switching to passwords whenever possible.
If you want better protection, start using access keys on the services that support them. Access keys use cryptographic keys instead of plain-text passwords. Criminals cannot guess them or reuse them. They also prevent many phishing attacks because they only work on trusted sites. Think of access keys as a secure digital lock for your most important accounts.
7) Use a data removal service
Data brokers collect and sell your personal data, which criminals can combine with stolen passwords. A reliable data removal service can help you find and remove your information from people search sites. By reducing the amount of exposed data, it will be more difficult for attackers to attack you with convincing scams and account takeovers.
While no service can guarantee complete removal, they do radically reduce your digital footprint, making it harder for scammers to match leaked credentials with publicly available data to impersonate or target you. These services track and automatically delete your personal information over time, which gives me peace of mind in today's threat environment.
Check out my top data removal services and get a free scan to see if your personal information has already been published online by visiting Cyberguy.com
Get a free scan to see if your personal information has already been published online: Cyberguy.com
8) Check your safety often
Security is not a one-time task. Check your passwords regularly and update old accounts before they become a problem. Review which accounts have two-factor authentication enabled and add it where you can. By being proactive, you can stay one step ahead of hackers and limit the damage from future breaches.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Kurt's key takeaways
Massive leaks like this highlight how fragile digital security can be. Even if you follow best practices, your information can still fall into the hands of criminals due to legacy breaches, malware, or third-party influence. A proactive approach will put you in a stronger position. Regular checks, strong passwords and strong authentication give you real protection.
With billions of stolen passwords, are you ready to check your own and tighten your account security today? Let us know by writing to us at Cyberguy.com
Subscribe to my FREE CyberGuy Report
Get my best tech tips, breaking security alerts, and exclusive offers straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright CyberGuy.com 2025. All rights reserved.
