There are 25 million previously unknown access data for unsuspecting victims circulating on the Internet. Victims should immediately replace their password with a new, secure one.

There is a database circulating on the Internet with 71 million unique login details. This database contains at least 25 million email address and password combinations that were not previously known to have fallen into the hands of hackers. The database was discovered by security researcher Troy Hunt, who is known through the website Was I pwnd?. On this page you can check whether your access data has been lost somewhere.

Login data is traded like hot cakes in the dark depths of the Internet. Hunt is keeping an eye on this, but notes that most databases sold contain password information that has previously surfaced online. Criminals keep passing on this data. That’s why this password dump is so striking: it’s extraordinary that 25 million pieces of brand new data suddenly appear online.

Stolen via malware

The data should come from a so-called ThiefMalware that records username and password when you enter them. The new stolen passwords can therefore be read unencrypted. The malware collected login data for Facebook, eBay and Yahoo, among others. Hunt verified the authenticity of the password information. They appear to be from 2021.

Many victims use simple passwords or reuse a password across different services. Anyone who doesn’t practice good password hygiene should be concerned. Attackers typically use the data from the database to break into other websites.

On the website of Was I pwnd? You can check whether data about your email address is available. In any case, it’s important to choose long and unique passwords for all your accounts. If you can enable MFA, that’s even better. Nowadays, a password that is too short or used multiple times is a guarantee of problems.