Have I Been Pwned: 124 million passwords added to breach database. Yours may be in there, too

Have I Been Pwned: 124 million passwords added to breach database. Yours may be in there, too

56 Million Email Addresses and 124 Million Passwords Added to Have I Been Pwned from Infostealer Malware

On June 15, 2026, the data breach notification service Have I Been Pwned (HIBP) expanded its database with 56.3 million unique email addresses and 124 million passwords, all compromised through infostealer malware targeting Windows PCs. Unlike typical corporate breaches, this dataset was extracted directly from infected devices, often without users’ knowledge.

The stolen credentials originate from "stealer logs" records generated by infostealer malware that harvests saved passwords, browser data, cookies, and other sensitive information from compromised systems. While HIBP did not specify the exact malware strain or source of the logs, the scale highlights the growing threat of infostealers, which operate silently and can exfiltrate data over extended periods.

Infostealers are a favored tool among cybercriminals due to their ability to bypass traditional breach detection. The addition of these records to HIBP’s Pwned Passwords database underscores the risk of credential theft at the endpoint level, not just through large-scale corporate breaches.

Users can check if their email addresses are affected via HIBP’s platform, which now includes the new dataset. The incident serves as a reminder of the persistent threat posed by malware designed to exploit stored credentials on personal devices.

Source: https://www.pcworld.com/article/3168200/124-million-stolen-passwords-discovered-check-your-accounts-now.html

Have I Been Pwned cybersecurity rating report: https://www.rankiteo.com/company/haveibeenpwned

"id": "HAV1781714192",
"linkid": "haveibeenpwned",
"type": "Breach",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '56.3 million',
                        'location': 'Global',
                        'name': 'Individual users (global)',
                        'type': 'Individuals'}],
 'attack_vector': 'Infostealer Malware',
 'customer_advisories': 'Users can check if their email addresses are affected '
                        'via HIBP’s platform.',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '180.3 million (56.3M emails + '
                                              '124M passwords)',
                 'personally_identifiable_information': 'Email addresses, '
                                                        'passwords',
                 'sensitivity_of_data': 'High (credentials and personal data)',
                 'type_of_data_compromised': ['Email addresses',
                                              'Passwords',
                                              'Browser data',
                                              'Cookies']},
 'date_detected': '2026-06-15',
 'date_publicly_disclosed': '2026-06-15',
 'description': 'On June 15, 2026, the data breach notification service *Have '
                'I Been Pwned* (HIBP) expanded its database with 56.3 million '
                'unique email addresses and 124 million passwords, all '
                'compromised through infostealer malware targeting Windows '
                "PCs. The stolen credentials originate from 'stealer logs' "
                'records generated by infostealer malware that harvests saved '
                'passwords, browser data, cookies, and other sensitive '
                'information from compromised systems. The incident highlights '
                'the growing threat of infostealers, which operate silently '
                'and can exfiltrate data over extended periods.',
 'impact': {'data_compromised': '56.3 million email addresses and 124 million '
                                'passwords',
            'identity_theft_risk': 'High',
            'systems_affected': 'Windows PCs'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Likely (common with '
                                                    'infostealer logs)',
                           'entry_point': 'Infected Windows PCs'},
 'investigation_status': 'Ongoing (malware strain/source not specified)',
 'lessons_learned': 'The incident underscores the persistent threat posed by '
                    'infostealer malware, which can bypass traditional breach '
                    'detection and exploit stored credentials on personal '
                    'devices.',
 'motivation': 'Financial gain (credential theft for resale or exploitation)',
 'post_incident_analysis': {'corrective_actions': 'Enhanced endpoint security, '
                                                  'user education on malware '
                                                  'risks, and regular '
                                                  'credential audits.',
                            'root_causes': 'Infostealer malware exploiting '
                                           'endpoint-level vulnerabilities '
                                           '(e.g., unpatched software, weak '
                                           'credentials)'},
 'recommendations': 'Users should check if their email addresses are affected '
                    'via HIBP’s platform, enable multi-factor authentication, '
                    'and regularly update security software to mitigate '
                    'infostealer risks.',
 'references': [{'date_accessed': '2026-06-15',
                 'source': 'Have I Been Pwned (HIBP)'}],
 'response': {'communication_strategy': 'Public disclosure via HIBP platform',
              'third_party_assistance': 'Have I Been Pwned (HIBP) data breach '
                                        'notification service'},
 'title': '56 Million Email Addresses and 124 Million Passwords Added to Have '
          'I Been Pwned from Infostealer Malware',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Endpoint-level credential theft'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.