Breaches are an unfortunate reality of the digital era. Chances are, some of the companies you trust your data to are going to get hacked, and sensitive information stored on those servers is going to leak. If you’ve been online for a long time, that means quite a bit of your data is floating around various corners of the internet.
While there isn’t one centralized database for all the stolen credentials on the web, one researcher has compiled quite a large database, that you can check to see if your email address is affected.
183 million email addresses
Cybersecurity researcher Synthient has compiled a massive database of stolen credentials from sources across the internet, amounting to 3.5 terabytes of data. (That’s 3,584 gigabytes). The vast majority of this data—91% of it—has been noted by other researchers already. But because the database is so huge, the 9% that’s new represents a large pool of credentials we haven’t seen before.
The database itself contains 183 million unique email addresses, along with both the websites they were attached to, as well as the passwords used to log into them. According to security researcher and blogger Troy Hunt , 9% of that figure represents 16.47 million credentials that have never been reported in any previous data breach. Hunt reached out to “a bunch” of his subscribers to see whether any of them could find their credentials in this database. One subscriber verified that the database contained a password that they did previously use with their Gmail account, while another confirmed the database contained websites they frequently visited.
At this time, there’s no reason to believe the database isn’t legitimate. These 183 million email addresses—and their associated websites and passwords—are just floating around the internet, while over 16 million of them have never been seen before. Yours could be among them.
How to check if your credentials are in this database
The entire database of 183 million email addresses has been uploaded to Have I Been Pwned . The site catalogues websites that have experienced data breaches, as well as the accounts that were involved. All you need to do is enter your email address in the provided field, and Have I Been Pwned will check it against its database to see whether the address has been involved in any known breaches.
As such, if your email address is included in this latest database, it’ll show up here. It doesn’t look like any of my personal email addresses are in this database, but they’ve been included in plenty of other breaches.
