Overview
- Have I Been Pwned made a Synthient-collected dataset searchable that pairs email addresses, passwords and sites where they were used.
- Analysis found most entries overlapped past dumps, but about 16.4 million credential pairs were previously unseen.
- Troy Hunt reported at least one affected person confirmed a still-working Gmail password from the dataset.
- The corpus stems from malware “stealer logs” and credential-stuffing lists aggregated over months from forums and Telegram, totaling about 3.5TB.
- Google emphasized there was no Gmail-specific breach and said it resets exposed passwords in large dumps while advising users to change compromised logins and enable multi-factor protections.