Massive Data Breach: 183 Million Passwords Leaked
A major cybersecurity breach has exposed 183 million passwords, putting millions of email accounts at risk across platforms like Gmail, Yahoo, and Outlook.
Key Takeaways
- 183 million passwords stolen in a massive data leak
- Affects Google, Yahoo, Outlook, and other email providers
- Data was collected through malware called ‘infostealers’
- Users can check if they’re affected at haveibeenpwned.com
The Scale of the Breach
Cybersecurity expert Troy Hunt revealed that hackers leaked 183 million passwords in what appears to be one of the largest data breaches of 2023. The stolen data amounts to 3.5 terabytes – equivalent to 875 full-length HD movies.
The breach occurred in April and compromised email accounts across multiple domains including Google, Yahoo, and Outlook services.
How the Data Was Stolen
According to Hunt’s analysis on haveibeenpwned.com, the passwords weren’t leaked in a single incident but through ‘stealer logs’ – data files generated by malware that continuously collects personal information.
“Stealer logs are more of a firehose of data that’s just constantly spewing personal info all over the place,” Hunt explained in his blog. “Once the bad guys have your data, it often replicates over and over again via numerous channels and platforms.”
The Hacker Network Operation
UK’s Metro reported that the 183 million passwords were collected from computers infected with ‘infostealers’ malware. This malicious software records email IDs and passwords when users log into their accounts.
The stolen data, organized as ‘stealer logs,’ circulates through complex hacker networks. At its peak, this network contained up to 600 million stolen credentials.
American college student Benjamin Brundage, working with cybersecurity firm Synthient, developed a tool that uncovered the massive scale of data circulating in these hacker ecosystems. Synthient then shared this data with haveibeenpwned.com.
How to Protect Yourself
Users can visit haveibeenpwned.com to check if their email credentials were compromised in this or previous breaches. Security experts recommend:
- Changing passwords immediately if affected
- Enabling two-factor authentication
- Using unique passwords for different services
- Monitoring accounts for suspicious activity
This breach highlights the growing sophistication of cyber threats targeting average internet users and the ongoing challenge of securing personal data online.
