A huge collection of stolen usernames and passwords, totalling over 183 million, has been added to a website called Have I Been Pwned (HIBP). This big pile of data, named the “Synthient Stealer Log Threat Data,” is not a regular leak from just one company but a massive collection of information stolen directly from people’s computers over time using malicious software commonly known as infostealers.
Who Found the Data?
The stolen data was gathered by a college student named Benjamin Brundage (Ben), who works with a cybersecurity company called Synthient LLC in Seattle. Ben and Synthient spent about a year building a system to monitor and collect this data from the places where cybercriminals trade it.
According to Ben’s own blog post, the team had to process massive amounts of information to create this clean, usable data set for victims. At its peak, their system recorded as many as 600 million stolen credentials in a single day, and they indexed a total of 30 billion Telegram messages from channels where logs were shared.
What Was Stolen?
The threat actors used infostealer malware, which secretly copied information as people used their infected computers. This malware is very dangerous because it steals more than just your login information. When the data was checked on October 21, 2025, it was confirmed to contain 183 million unique accounts.
For people who check HIBP, the leak lists the email address, the website they were logging into, and the actual password they used. Most importantly, the data set included 16.4 million email addresses that had never shown up in any security leak before.
Because the information was stolen from your own computer, the cybercriminals might also have active session cookies (which let them log in without a password), credit card details (any bank or credit card numbers you saved in your web browser), and cryptocurrency wallet info (logins and keys for digital currency wallets).
The widespread concern about stolen passwords is clear. Just days before this new data was added, on October 18, 2025, HIBP founder Troy Hunt shared on social media that his Pwned Passwords service had processed a massive 17.45 billion requests in just 30 days. This shows how many people are checking if their passwords have been exposed, with the service handling an average of 6,733 requests per second and hitting peaks of 42,000 requests per second.
Your To-Do List Right Now
If your email address is in this leak, act fast. Cybercriminals likely have your password and may even have the keys to your accounts. You must immediately change your passwords on all exposed websites and turn on 2-Step Verification for important accounts (like email and banking). 2-Step Verification stops a threat actor from logging in, even with your old password.
Also, stop saving passwords in your browser; use a secure password manager app instead. Finally, run a full scan with a good antivirus program to check your computer for any leftover malware.
Threat to Cybersecurity
The massive Synthient Stealer Log data set shows that the trade in stolen passwords is still going strong. Every exposed login adds to the problem, fueling more attacks, eroding digital trust, and stretching out the impact of each breach.
Commenting on this, Darren Guccione, CEO and Co-Founder at Keeper Security, told Hackread.com that the underground market for stolen credentials has evolved from isolated leaks into a complex network where billions of usernames and passwords are traded and reused across platforms.
He explained that this system endures because passwords remain one of the most common yet weakest forms of authentication. According to him, a mix of human mistakes, password reuse and AI-driven automation enables attackers to compromise accounts faster than traditional defences can respond.
Guccione added that modern security now requires identity to be the foundation of every cybersecurity strategy. He emphasised the need for zero-trust and zero-knowledge frameworks that verify every access request and secure credentials through end-to-end encryption.
He also pointed to passwordless authentication methods such as passkeys, biometrics and hardware security keys as effective ways to reduce exposure by replacing static passwords with cryptographic verification.
Where passwords still must be used, Guccione recommended automation to manage and rotate them regularly, reducing long-term risks. He further noted that password management and dark web monitoring play a vital role in detecting compromised credentials early, allowing users or organisations to act before attackers can exploit them.
In addition, he said, enabling multi-factor authentication ensures that even if one credential is stolen, it cannot be used to gain unauthorised access. He concluded by stressing that reducing dependence on passwords, strengthening authentication, and protecting identities through zero-knowledge encryption are key steps toward closing one of the most persistent security gaps. Doing so, he said, will help restore trust and safety across the digital space.