Change Your Passwords Right Now: 560 Million Email Credentials Have Been Leaked 

Change Your Passwords Right Now: 560 Million Email Credentials Have Been Leaked 

You know by now that you should be changing your passwords regularly — every day there seems to be another cyber security crisis. If you haven’t changed your passwords recently, it’s now officially time: A massive database containing login credentials is floating around the internet.

Image from Adikos

We don’t know who’s behind the breach, but over 560 million leaked emails and passwords — 243.6 million unique email addresses — are compromised. First uncovered by the Kromtech Security Research Center, the leak has been confirmed by security researcher Troy Hunt, who created the “Have I Been Pwned” website.

What kind of information does it have?

The good news is, there hasn’t been a new hack: The trove of credentials is a collection of data from previous breaches at LinkedIn, DropBox, LastFM, MySpace, Adobe, Neopets, Tumblr and others. Some of these breaches are years old.

What makes this database troublesome from a security standpoint is how accessible it makes sensitive information. It basically compiled private data from various prior hacks to create one convenient database for hackers to illegally access.

Who is at risk?

Essentially, anyone who never updated their credentials at the time of the original breach. If you haven’t stayed on top of every hack and checked your status each and every time, then you could be at risk.

How to check if your credentials are compromised

The easiest way to see if your credentials are vulnerable is to go to Hunt’s site — Have I Been Pwned. Here, you can type in your email and find out if your email and password are safe or not.

You may have changed your password at the time of a given breach, but the website doesn’t tell you specifics on which hack released your password. And let’s be real: You may not remember either. If this is your first time on the site and you get the dreaded “Oh no — pwned!” message, then it’s best take a screenshot of the result and change your password immediately.

Why screenshot? The site tells you how many “breached sites” it’s on (in other words, how many unique incidents took your credentials) and if there are any “pastes” — a paste is when the information is shared on a public website. Saving this information (you can also jot it down somewhere safely) can let you know in the future if you’ve been breached again if the information in the results change.

Don’t understand what’s going on? It’s OK. Just go change your email password to be safe. And be sure to create a strong password.


  • Agreed, but there is no point changing a simple password for another simple password.
    G/k><0-8Mu(=)v5*[email protected] checked by Password Haystack at Steve Gibson Research Corp. gives the following scenario of how long to crack such a password.
    Online Attack Scenario:
    (Assuming one thousand guesses per second)
    1.09 hundred thousand trillion trillion centuries
    Offline Fast Attack Scenario:
    (Assuming one hundred billion guesses per second)
    1.09 billion trillion centuries
    Massive Cracking Array Scenario:
    (Assuming one hundred trillion guesses per second)
    1.09 million trillion centuries

Comments are closed.

Log in to comment on this story!