Nexanet
<- Go Back

Have I Been Pwned Adds 284M Accounts Stolen by Infostealer Malware

Customer Avatar
Justine Garrett
Product Marketing Manager

Popular data breach notification service Have I Been Pwned (HIBP) has added 284 million compromised accounts to its database after discovering stolen credentials in stealer logs leaked on a Telegram channel. The data, which originated from a collection known as "ALIEN TXTBASE," contains a staggering 1.5TB of information gathered by various infostealer malware strains.

HIBP founder Troy Hunt revealed that the logs include 23 billion rows of stolen data, featuring 493 million unique website and email address combinations. This massive breach highlights the growing threat posed by information-stealing malware, which secretly harvests login credentials from infected devices and spreads them across cybercriminal networks.

Inside the ALIEN TXTBASE Data Leak

What Was Stolen?

The stolen credentials were extracted from stealer malware logs—data collected from compromised devices where cybercriminals use malicious software to capture login details, session cookies, and autofilled credentials. The dataset included:

  • 284 million unique email addresses linked to stolen accounts.
  • 493 million email and website pairings, indicating where credentials were stolen from.
  • 244 million previously unseen passwords added to HIBP’s Pwned Passwords database.
  • 199 million existing passwords flagged as compromised in past breaches.

How Were the Credentials Verified?

Before adding the stolen accounts to HIBP, Troy Hunt confirmed their authenticity by attempting password reset requests for some of the affected email addresses. When legitimate services triggered password reset emails, it confirmed that the leaked data contained valid credentials.

How Can Users Check if They Were Affected?

HIBP has made these stolen credentials searchable for:

  • Domain Owners & Website Administrators: Through new API integrations, businesses with subscription access can search the stealer logs for credentials linked to their domain.
  • Regular Users: Individuals subscribed to HIBP notifications can check if their email addresses were part of the breach. Specific website details related to the breach are only visible after email verification to prevent exposure of sensitive services.

The Growing Threat of Infostealer Malware

Information stealers have become one of the most effective tools in cybercriminal arsenals, silently collecting login details, banking credentials, cryptocurrency wallets, and personal data. These logs are frequently sold on dark web forums or distributed for free on Telegram channels like ALIEN TXTBASE, fueling credential stuffing attacks, identity theft, and financial fraud.

Recent infostealer breaches tracked by HIBP include:

  • December 2021: 441,000 accounts stolen via RedLine malware, revealing 6 million stolen credential logs.
  • February 2025: 12 million Zacks Investment accounts compromised, exposing names, usernames, IP addresses, and physical addresses.
  • June 2023: 8.8 million additional Zacks Investment accounts containing SHA256-hashed passwords, addresses, and phone numbers.

How to Protect Your Credentials from Infostealer Malware

  • Enable Strong Authentication Measures: Use password managers to generate unique, complex passwords for each account, and enable multi-factor authentication (MFA) with hardware security keys (YubiKey, Titan) or authentication apps.
  • Monitor & Secure Your Online Accounts: Regularly check HIBP to see if your credentials have been compromised, change passwords immediately if affected, and enable real-time login alerts for sensitive accounts.
  • Defend Against Malware Infections: Avoid downloading files or software from untrusted sources, keep operating systems and antivirus software updated, and use endpoint protection solutions to detect and block infostealer malware.

Final Thoughts: The Need for Proactive Cybersecurity

The ALIEN TXTBASE breach is another reminder of the dangers posed by infostealer malware, which continues to compromise millions of credentials worldwide. As cybercriminals leak and trade stolen accounts at an alarming rate, businesses and individuals must take cybersecurity seriously—implementing strong authentication, regular monitoring, and malware protection to safeguard their accounts.

With Have I Been Pwned adding millions of new stolen credentials, users should immediately check if their accounts have been compromised and take steps to secure their online identities before cybercriminals exploit them.

Protect Your Credentials with Nexanet

Cybercriminals trade stolen credentials daily, making it essential to monitor and secure your accounts. Nexanet provides real-time dark web monitoring, data breach alerts, and advanced authentication solutions to protect individuals and businesses from credential theft and identity fraud.

Your Privacy, Our Priority

Learn what’s been shared without your consent.

Choose us to take a stand for your freedom and safeguard your right to privacy.