One of the biggest password dumps in recent history has been revealed - but there's an easy way to find out if you're at risk

While announcing the new addition, HIBP owner Troy Hunt says he dismissed the database earlier because it seemed to be nothing more than old information - repackaged. Upon closer inspection, however, he determined that a third of the email addresses were brand new, making the data dump “statistically significant”.

Significant data volume

This isn't just the usual collection of repurposed lists wrapped up with a brand-new bow on it and passed off as the next big thing; it's a significant volume of new data,” Hunt wrote. “When you look at the above forum post the data accompanied, the reason why becomes clear: it's from ‘stealer logs’ or in other words, malware that has grabbed credentials from compromised machines.”

When a user types in their email in the Have I Been Pwned? service, if their email pops up under the “Naz.API” submission, that means that they were, most likely, infected by malware at some point in the past (or are infected still). That also means that the malware stole passwords for various services. Unfortunately, it’s difficult to determine which service (unless the user recognizes the unique username/password combination). Some of the services mentioned include Facebook, Yahoo, Roblox, eBay, and others. 

The database counts 319 files, totaling 104GB. Exactly 70,840,771 unique email addresses were exposed, and 427,308 individual Have I Been Pwned? subscribers impacted.

More from TechRadar Pro

• Billions of passwords and email addresses have been leaked online - so change your logins now
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now