All products and promotions are independently selected by our experts. To help us provide free impartial advice, we will earn an affiliate commission if you buy something. Click here to learn more
Nearly 2 billion login details have surfaced on the Dark Web, exposing the staggering scale of a global password crisis.
Cybersecurity firm Synthient uncovered the treasure trove of stolen login details circulating on the Dark Web, which included nearly 2 billion email addresses and 1.3 billion passwords. These aren't from a single security incident but represent accumulated data from numerous breaches over time.
Some of the services that were originally attacked in these data breaches might've warned users to change their passwords. However, if you rely on the same email address and password combo for multiple accounts online, there's a risk these details could be used to infiltrate other accounts.
Passwords remain the frontline defence protecting everything online, from bank balances to private messages and photo libraries. Yet despite their importance, millions of Britons continue to rely on weak or reused passwords — leaving digital lives dangerously exposed.
In fact, it was only recently that Britons finally ditched the word "password" as the most popular choice. Regretably, the replacement wasn't much better.
GB News readers get 4 months of ExpressVPN for FREE to protect their identity from hackers
Protect your money and your identity online. Block the scammers.
Get ExpressVPN right now. This award-winning VPN uses military-grade encryption to secure everything you do online across iPhone, Android, Linux, Windows, Mac, Fire TV, and dozens more.
GB News viewers can save up to 73% and unlock an extra 4 months free.
ExpressVPN
$9.85
$2.65
Troy Hunt, who operates the password protection service Have I Been Pwned and serves as a Microsoft regional director, has verified the large number of email addresses and passwords stolen.
He states, "I hate hyperbolic news headlines about data breaches, but for the '2 Billion Email Addresses' headline to be hyperbolic, it'd need to be exaggerated or overstated, and it isn't."
The exact count from the recent hack stands at 1,957,476,021 individual email addresses. Mr Hunt revealed that the dataset includes "1.3 billion unique passwords, 625 million of which we'd never seen before either."
Using a password manager can help generate and store passwords, passkeys, credit card numbers, national insurance numbers, and much more
|PEXELS
LATEST DEVELOPMENTS
He also described the collection as "the most extensive corpus of data we've ever processed, by a significant margin."
These stolen credentials appear in what cybercriminals call credential-stuffing lists. When hackers acquire login details from one breach, they systematically test those same combinations across numerous other platforms.
A single reused password can compromise dozens of accounts, turning one breach into multiple security failures across a person's entire digital life
| GETTY IMAGESThis automated process exploits a common security weakness: people's tendency to recycle passwords across different services. Criminals understand that someone using the same password for their email might also use it for banking, shopping or social media accounts. A single reused password can compromise dozens of accounts, turning one breach into multiple security failures across a person's entire digital life.
Security experts recommend establishing distinct passwords for every online account, beginning with critical services such as banking platforms, financial applications, Apple ID and Google accounts. Less important websites can be updated afterwards, but the priority should be protecting accounts containing sensitive financial or personal information.
More From GB News