A massive cache of stolen data containing over 23 billion records has surfaced online, exposing more than 183 million unique email addresses, with at least 16.4 million of them never seen before in any previous data breach. The data, known as the Synthient Threat Data, was shared with cybersecurity expert Troy Hunt, the creator of the platform Have I Been Pwned (HIBP), which helps people check if their personal information has been compromised.
What Happened
US-based college student Ben from Synthient, who specialises in threat intelligence, uncovered the breach after aggregating 3.5 terrabytes of leaked credentials from multiple underground sources, including Telegram channels, social media, dark web forums, and Tor networks. He then passed the data to Hunt for verification and inclusion in HIBP.
According to Hunt, the dataset consists of two types of stolen information, “stealer logs” and “credential stuffing lists”. Malware that infects computers captures user credentials entered on websites and generates stealer logs. Meanwhile, hackers compiled the credential stuffing lists by reusing credentials from earlier data breaches to break into other accounts.
How Big Is the Data Breach?
Hunt said the collection contained 3.5 terabytes of information spread across files, the largest of which was 2.6TB in size, with a total of 23 billion rows of data. “After checking a sample of 94,000 email addresses, 92% had been previously seen,” Hunt wrote in his blog. That also means 8%, about 16.4 million addresses, had never appeared in HIBP before.
HIBP has now indexed these newly discovered records under the name “Synthient Stealer Log Threat Data.” Users can check if their email or password has been exposed using the platform’s free search tools.
How Was the Data Breach Verified?
Before confirming the data as legitimate, Hunt reached out to some affected users for verification. One of them confirmed that his Gmail password listed in the breach was accurate. “Yes, I can confirm that was an accurate password on my Gmail account a few months ago,” the user said. Another affected person verified that the leaked records correctly included websites he had visited, such as online casinos, crypto platforms, and VPN services.
Hunt said such verification patterns, where leaked data matched a user’s online behaviour, proved the dataset’s authenticity. In several cases, the breach data also revealed that password reuse across different accounts was a major security issue.
Google’s Response
Google rejected widespread reports of a “Gmail security breach” and stated that hackers had not compromised its systems. In an official post on X (formerly Twitter), the company stated, “Reports of a ‘Gmail security breach impacting millions of users’ are false. Gmail’s defences are strong, and users remain protected.”
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
