All products and promotions are independently selected by our experts. To help us provide free impartial advice, we will earn an affiliate commission if you buy something. Click here to learn more
Nearly two billion stolen email logins have surfaced on the dark web, exposing the staggering scale of a global password crisis.
A cybersecurity firm called Synthient has uncovered the collection of stolen login details circulating on the dark web, having gathered compromised credentials from various breaches.
Their findings show that hackers have access to nearly two billion email addresses alongside 1.3 billion passwords. These aren't from a single security incident but represent accumulated data from numerous breaches over time.
Passwords remain the frontline defence protecting everything from bank balances to private messages and photo libraries. Yet despite their importance, millions of Britons continue to rely on weak or reused passwords—leaving their digital lives dangerously exposed. In fact, it was only recently that Britons finally ditched the word "password" as the most popular choice.
Black Friday Deal — NordPass drops to 79P + unlock 3 months free
NordPass is a secure password manager that works across your favourite devices, including iPhone and Android, Windows and Mac computers, iPad and other tablets ...it will evaluate your password strength, autofill login details for you, and warn about any data breaches that impact you. It's a one-stop-shop to improve your online security and fight back against hackers from the team behind the award-winning NordVPN
NordPass Password Manager
$1.29
$.79
Switch to 1Password for free
The award-winning 1Password is designed to generate and store unguessable passwords, passkeys, credit card numbers, national insurance numbers, and much more. Its built-in WatchTower feature evaluates password strength and warns about data breaches that impact you. 1Password is currently free to test for 14 days with no obligation to subscribe
1Password Password Manager
Troy Hunt, who operates the password protection service Have I Been Pwned and serves as a Microsoft regional director, has verified the large number of email addresses and passwords stolen.
He states, "I hate hyperbolic news headlines about data breaches, but for the '2 Billion Email Addresses' headline to be hyperbolic, it'd need to be exaggerated or overstated, and it isn't."
The exact count from the recent hack stands at 1,957,476,021 individual email addresses. Mr Hunt revealed that the dataset includes "1.3 billion unique passwords, 625 million of which we'd never seen before either."
Using a password manager can help generate and store passwords, passkeys, credit card numbers, national insurance numbers, and much more
|PEXELS
LATEST DEVELOPMENTS
He also described the collection as "the most extensive corpus of data we've ever processed, by a significant margin."
These stolen credentials appear in what cybercriminals call credential-stuffing lists. When hackers acquire login details from one breach, they systematically test those same combinations across numerous other platforms.
A single reused password can compromise dozens of accounts, turning one breach into multiple security failures across a person's entire digital life
| GETTY IMAGESThis automated process exploits a common security weakness: people's tendency to recycle passwords across different services. Criminals understand that someone using the same password for their email might also use it for banking, shopping or social media accounts. A single reused password can compromise dozens of accounts, turning one breach into multiple security failures across a person's entire digital life.
Security experts recommend establishing distinct passwords for every online account, beginning with critical services such as banking platforms, financial applications, Apple ID and Google accounts. Less important websites can be updated afterwards, but the priority should be protecting accounts containing sensitive financial or personal information.
More From GB News