Synthient Credential Stuffing Threat Data — 2.0B accounts
Severity: Critical · Kind: Data breach
We've ingested this item but haven't summarised it yet. Read the upstream advisory using the link below in the meantime — the AI summary will appear here once the next run completes.
From the source
During 2025, the threat-intelligence firm Synthient aggregated 2 billion unique email addresses disclosed in credential-stuffing lists found across multiple malicious internet sources . Comprised of email addresses and passwords from previous data breaches, these lists are used by attackers to compromise other, unrelated accounts of victims who have reused their passwords. The data also included 1.3 billion unique passwords, which are now searchable in Pwned Passwords. Working to turn breached data into awareness, Synthient partnered with HIBP to help victims of cybercrime understand their exposure.
Breach facts
- Accounts affected
- 1,957,476,021
- Verified
- Yes
- Sensitive
- No
- Data exposed
- Email addressesPasswords
Was this useful?
Plain-English summaries are AI-generated and reviewed for tone, not technical accuracy. For incident response, always rely on the original source linked above.