You can now search for 2 billion email addresses and 1.3 billion passwords that have been leaked in the past, and check if your information has been leaked.



The website 'Have I Been Pwned?', which allows users to search for previously leaked email addresses and passwords, has reportedly added approximately 2 billion new email addresses and 1.3 billion leaked passwords.

Troy Hunt: 2 Billion Email Addresses Were Exposed, and We Indexed Them All in Have I Been Pwned
https://www.troyhunt.com/2-billion-email-addresses-were-exposed-and-we-indexed-them-all-in-have-i-been-pwned/

Have I Been Pwned? is a website that maintains a database of email addresses and passwords that have been leaked from companies and sold or published on the dark web, allowing users to search and see if their information has been leaked.

On November 5, 2025, it was discovered that approximately 2 billion email addresses and 1.3 billion passwords had been newly added to Have I Been Pwned?

You can search to see if your information is registered by clicking the link below. The information entered by the user is simply referenced in a database and is not stored anywhere. For security reasons, the registered email address and password are not linked in any way.

Have I Been Pwned: Check if your email address has been exposed in a data breach
https://haveibeenpwned.com/



According to Troy Hunt, founder of Have I Been Pwned?, the added data was provided by security tool Synthient.

Hunt searched the 200 million records to see if his own information was included, and discovered that a password associated with an old email address he'd used since the 1990s was registered. He then contacted several of his Have I Been Pwned? subscribers and asked them to help verify the data. They responded, 'I found old and recent passwords that I no longer use. I've changed all of my important accounts that use those passwords,' and 'These are passwords I've used for many years on throwaway accounts and less important accounts.'



The leaked passwords were not just simple ones like '1234,' but also included passwords commonly considered strong, containing uppercase and lowercase letters, numbers, and special characters.

Some media outlets have reported that the cause of this massive leak was a vulnerability in Gmail, but Hunt points out that the 2 billion email addresses span 32 million email address domains, and while Gmail has the most, it accounts for only 394 million, so it cannot be said that Gmail is particularly to blame.

Hunt has notified Have I Been Pwned? subscribers of the breach, urging them to review their passwords and take all possible security measures, such as using a password manager, choosing strong and unique passwords, and using passkeys where possible.

in Security, Posted by log1p_kr