Data leak search website Have I Been Pwned increased by 284 million accounts

The archive of the data leak search website Have I Been Pwned (HIBP) is growing and growing: those responsible have recently added access data from around 284 million accounts from various data leaks.

Finding compromised login data

On the HIBP website, you can check whether your email address or passwords appear in data leaks. The individual search is free of charge. For a fee, website operators can now tap into two new APIs to find customers affected by data leaks, for example.

The data package originates from a Telegram channel called ALIEN TXTBASE. The operator of HIBP Troy Hunt states in a post that he has checked the leaked access data and classifies it as genuine.

Infostealers often hide in cracked software from Adobe, for example. In some cases, Trojans disguised as legitimate applications even appear at the top of Internet search results.

After installation, however, a victim is not greeted by the Adobe logo, but the malware copies as much account data as possible in the background and forwards it to cyber criminals. In the end, the login data ends up in huge lists for sale in underground forums.

New API services

Domain owners and website operators can now use two new APIs for a fee. The service is aimed at large customers who want to effectively search entire email and website domains for compromised accounts. For example, the domain owners of www.netflix.com could identify customers with already leaked login data.

HIBP last added the leaked login data of around 96 million 1win users to its archive at the beginning of February 2025.

(des)