Sign in

1.3 billion passwords exposed online: Here’s how to see if yours is at risk

A massive new leak has exposed billions of login details online. Know how to safeguard your password how you can check your own credentials.

Published on: Nov 19, 2025, 12:56:51 IST
Share
Share via
  • facebook
  • twitter
  • linkedin
  • whatsapp
Copy link
  • copy link

A new collection of exposed login details is circulating online, and it contains 1.3 billion passwords along with 2 billion email addresses. Security researchers say the data did not come from a single breach. Instead, it was gathered from years of leaked credentials already present on open websites and dark-web forums.

A massive online leak has exposed billions of login details online. (Pexels)
A massive online leak has exposed billions of login details online. (Pexels)
MD Ijaj Khan

Ijaj Khan is a technology journalist and Senior Content Producer at Hindustan Times, with over three years of experience covering the consumer technology industry. His work spans smartphones, laptops, wearables, gaming, appliances and AI - from hands-on reviews, comparison and buying guides to breaking news and in-depth features that help readers cut through the noise and make informed decisions. Before joining HT Tech, he worked with Jagran New Media, where he sharpened his instincts for fast-paced digital reporting. He holds a Post Graduate Diploma in English Journalism and Mass Communication from the Indian Institute of Mass Communication (IIMC), Delhi. Whether he's testing the latest flagship smartphone, tracking a major AI announcement, or putting a gaming laptop through its paces, Ijaj approaches every story with the same goal - making technology feel relevant and easy to understand for everyday users, not just enthusiasts. When he's not in front of a screen for work, he's usually travelling to a new city, hunting for great food, or keeping tabs on what's next in tech before everyone else catches on.

Read moreRead less

The threat intelligence firm Synthient assembled this collection after scanning multiple sources for exposed logins. The company had earlier found more than 180 million leaked email accounts, and this new compilation expands on that work. Much of the data originates from older breaches and long-running credential-stuffing lists that cybercriminals trade and reuse.

Also read: 5 Reasons why OnePlus 15 could be the better pick over the Samsung Galaxy S25 Ultra

Synthient combined the entire dataset and worked with Troy Hunt, the creator of Have I Been Pwned, to verify and make the information searchable. Hunt tested the data using one of his old email addresses and confirmed that known stolen passwords matched entries in the new collection. He then asked a group of Have I Been Pwned subscribers to check their own details, which helped confirm that the dataset also includes previously unseen credentials.

Also read: YouTube Music adds a faster way to find songs: Here’s how it works

How to Check Your Passwords

Have I Been Pwned has added the exposed passwords to its Pwned Passwords service. This tool allows anyone to check passwords without revealing them, as the process runs locally in the user’s browser and does not store email addresses.

Users can visit the Pwned Passwords search page to see if any of their active passwords appear in the leak. If a match appears, they should change that password immediately. Password managers such as Bitwarden, LastPass and Proton Pass offer free password-generation tools that create strong replacements.

Also read: College students can now claim Microsoft 365 Personal full access for free for one year: Here’s how

How to Protect Your Accounts

Security experts recommend avoiding password reuse, as attackers often take one stolen login and test it across multiple sites. They also advise creating strong and unique passwords for every account and enabling two-factor authentication for added protection. Since malware can capture login details directly from infected devices, users should secure their systems with reliable antivirus software and avoid suspicious links or downloads.

Those looking for alternatives can explore passkeys, which use cryptographic keys instead of passwords and resist phishing and credential theft. Strong digital habits and regular checkups can help users stay ahead of emerging threats.

  • MD Ijaj Khan
    ABOUT THE AUTHOR
    MD Ijaj Khan

    Ijaj Khan is a technology journalist and Senior Content Producer at Hindustan Times, with over three years of experience covering the consumer technology industry. His work spans smartphones, laptops, wearables, gaming, appliances and AI - from hands-on reviews, comparison and buying guides to breaking news and in-depth features that help readers cut through the noise and make informed decisions. Before joining HT Tech, he worked with Jagran New Media, where he sharpened his instincts for fast-paced digital reporting. He holds a Post Graduate Diploma in English Journalism and Mass Communication from the Indian Institute of Mass Communication (IIMC), Delhi. Whether he's testing the latest flagship smartphone, tracking a major AI announcement, or putting a gaming laptop through its paces, Ijaj approaches every story with the same goal - making technology feel relevant and easy to understand for everyday users, not just enthusiasts. When he's not in front of a screen for work, he's usually travelling to a new city, hunting for great food, or keeping tabs on what's next in tech before everyone else catches on.Read More