News that 183 million unique stolen email and password pairs have been added to Have I Been Pwned (HIBP) further proves that stolen credentials have become an established part of the digital economy.The data was collected by a U.S. college student only known as Ben, who collected the stolen credentials for Synthient, a cybersecurity company based in Seattle.According to CyberInsider, the data contains 23 billion rows of data that was sourced from infostealer malware logs, Telegram groups, and various online forums.“An underground market that began as isolated data leaks has evolved into a sophisticated network where billions of usernames and passwords are traded on the dark web and reused across countless platforms,” said Darren Guccione, co-founder and CEO at Keeper Security. “Each exposed credential fuels a cycle of exploitation that weakens digital trust and prolongs the impact of every breach. This ecosystem endures because passwords remain one of the most common and most vulnerable forms of authentication.”Guccione added that the combination of human error, password reuse, and AI-driven automation lets attackers compromise accounts at a scale and speed that traditional defenses struggle to match.Gary Orenstein, chief customer officer at Bitwarden, added that the Synthient dataset is notable because it aggregates real credentials captured from infostealer malware operating on infected devices rather than a single breach. Orenstein said those credentials were later collected from Telegram channels, Tor sites, and underground forums where stolen data continually gets shared, merged, and resold.“This reflects the industrial scale of credential theft, where stolen information moves through a digital supply chain of resale and recombination,” said Orenstein. “Exposure rarely stems from a singular breach. It’s often the result of password reuse across multiple services and devices. Maintaining visibility into leaked credentials, enforcing MFA, and applying authentication policies that reject known compromised passwords can help contain fallout from future dumps like this one.”Antony Parks, a threat intelligence researcher at Rapid7, said threat actors looking to purchase credentials can be incredibly specific with their targeting because underground marketplaces often let buyers search by the target domain or even individual email address.Parks said this makes credential-based attacks an effective way for experienced threat actors to diversify their approach and for new attackers to find early success. Although the data they are selling remains the same, Parks said the industry has seen a gradual shift over time as new stealers and new sellers rise to prominence.“While threat actors continue to gain access to credentials through a variety of means, the best approach to ensure your network remains secure is to enforce mandatory MFA,” said Parks. “Following that, organizations should use cyber threat intelligence to identify where employee credentials are listed for sale, and what password has been leaked. With this multipronged approach, many of the credential-based attacks can be defeated before threat actors gain entry to your company's infrastructure.”
Identity, SSO/MFA, Decentralized identity and verifiable credentials

Over 180 million stolen credentials added to Have I Been Pwned

(Adobe Stock)

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



