Have I Been Pwned (HIBP), a cybersecurity service, recently disclosed one of the largest data exposure events in its 11-year history, revealing the integration of 23 billion rows of stolen credentials. The data stems from a malware operation called “ALIEN TXTBASE,” and contains 493 million unique website-email pairs and 284 million unique email addresses. Additionally, 244 million new passwords were added to HIBP’s Pwned Passwords database, significantly increasing the scale of compromised data. This addition marks a major update for the platform, expanding the scope of exposed credentials and showing the growing scale of cybercriminal activities.
The breach originated from a Telegram channel that was distributing “stealer logs”—records of credentials harvested from malware-infected devices. Initially, the channel offered teaser files containing 36 million entries, but later required paid subscriptions for access to the full breach. The stealer logs were found to belong to victims worldwide, including individuals from various countries like the Philippines, Germany, and Mexico. Notably, a Filipino Netflix user and a German Mercedes owner were among those impacted by the leak, demonstrating the widespread nature of the attack.
One of the most concerning aspects of the breach is how these stolen credentials were used for credential-stuffing attacks. The logs were monetized through the Telegram channel, which had a subscription-based model for accessing fresh logs. These stolen credentials were then used to attempt logins across multiple platforms, which is a common tactic for attackers seeking to gain unauthorized access to accounts. The data leakage not only impacts the affected individuals but also increases the likelihood of future cyberattacks, including identity theft and phishing campaigns.
HIBP’s founder, Troy Hunt, verified the authenticity of the stolen data by conducting password-reset tests from regions where the breaches occurred, such as the Philippines and Venezuela. One such test revealed details about a German user, whose exposed logins not only included email addresses but also personal interests like whisky collecting and professional preferences. This data highlights how these breaches allow cybercriminals to build detailed profiles of individuals, increasing the effectiveness of phishing attempts and identity theft. The incident underscores the growing risks tied to cybercrime and the increasing use of platforms like Telegram to facilitate these malicious activities.