Data breach notification service Have I Been Pwned has been updated to include 361 million email addresses from credentials exfiltrated in credential-stuffing attacks and password-stealing malware intrusions that have been leaked on Telegram channels used by cybercriminals, BleepingComputer reports.
More than 150 million of the newly added email addresses have not been previously processed by the HIBP, according to the site's founder Troy Hunt, who noted that the exposed email addresses were part of the 1,700 files obtained from the Telegram channels.
"Alongside those addresses were passwords and, in many cases, the website the data pertains to," said Hunt, who was able to verify the legitimacy of some of the leaked email addresses by using websites' password reset forms.
Such an extensive breach is likely to impact all websites seeking credentials, noted BleepingComputer, which was able to receive a list of credentials used on its site that had been compromised by information-stealing malware.
