The data breach notification service Have I Been Pwned (HIBP) has added over 284 million compromised accounts after discovering a massive trove of stolen credentials on a Telegram channel.
The data shared on a channel called ALIEN TXTBASE, comes from 1.5TB of stealer logs, containing 23 billion rows of data with 493 million unique website and email address pairs.
HIBP founder Troy Hunt confirmed the authenticity of the dataset by testing whether stolen email addresses would trigger password reset requests from the affected services. The logs likely contain both new and old credentials, stolen through credential-stuffing attacks and past breaches.
As part of the update, HIBP has also added 244 million previously unseen passwords to its Pwned Passwords database and updated 199 million known compromised passwords. To help organizations mitigate threats, new API capabilities now allow domain owners and website operators to check if their users’ credentials have been exposed. These APIs, available through an HIBP subscription, support up to 1,000 email searches per minute.
While regular users can also check if their accounts appear in the ALIEN TXTBASE breach, they must be subscribed to HIBP notifications. Hunt noted that the system won’t publicly reveal which websites users’ credentials were stolen from to protect sensitive information.
HIBP continues to expand its database with newly discovered breaches. Earlier this month, the service added 12 million accounts from Zacks Investment, following a breach exposing personal and login data. In 2021, it integrated 441,000 accounts compromised by RedLine malware, and in 2023, it added 8.8 million Zacks users’ records containing email addresses, phone numbers, and passwords.
