News

1.3 billion passwords leaked: How to check if you are affected

1.3 billion passwords leaked: How to check if you are affected
Tada Images / Shutterstock
By S. Bjerregaard 12. November 2025

How to check if your information is among the stolen data.

A huge data breach has hit the internet and left security experts in shock.

According to new information, more than one billion passwords and nearly two billion email addresses have been published in what is described as the largest leak of its kind ever.

Behind the revelation is Australian security researcher Troy Hunt, who runs the well-known website Have I Been Pwned.

The platform allows ordinary users to see if their email addresses or passwords have been compromised.

Hunt calls the new discovery the most comprehensive data set he has ever handled. More than 600 million of the passwords had never before appeared in his database.

Old data

According to initial analysis, the data does not stem from one specific hacker attack.

Instead, it is a collection of old data leaks from many different sources that have now been collected and published in one place.

This type of data is often used in credential-stuffing attacks, where hackers attempt to log into user accounts using previously leaked information.

Most worryingly, many of the passwords are still in use today.

A series of tests by Hunt and his team showed that people are still using the same codes that have been compromised for over a decade.

This means that millions of accounts can potentially be accessed by unauthorized parties, especially if the user reuses their password in multiple places.

How to protect yourself

Experts recommend that you immediately check if your information has been leaked at haveibeenpwned.com. If your email address is in the database, you should:

  1. Change passwords on all important accounts – especially email, social media and online banking.
  2. Use a password manager that can generate strong, unique codes.
  3. Enable two-factor authentication (2FA) where possible so hackers can’t log in using just your password.

Although the leak did not originate from Gmail, analysis shows that nearly 400 million Gmail addresses are included in the material.

This emphasizes how extensive and long-lasting this type of data breach can be and how important it is to take your digital security seriously.

Latest news

See more news