ExploitIn
Critical Impact•
593,427,119 records affected
•
HaveIBeenPwned
Description
In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I Been Pwned.
What to do if you're affected
- 1.Change your password immediately if you have an account with this service
- 2.Enable two-factor authentication (2FA) wherever possible
- 3.Check if your email appears in the breach using Have I Been Pwned
- 4.Monitor your accounts for suspicious activity
- 5.Consider using a password manager to generate unique passwords