Have I Been Pwned Adds 1.96B Accounts From Synthient Credential Data

Have I Been Pwned (HIBP), the popular breach notification service, has added another massive dataset to its platform. This time, 1.96 billion accounts connected to the Synthient Credential Stuffing Threat Data, in collaboration with the threat-intelligence firm Synthient.

Users who subscribe to HIBP alerts, including this writer, received an email notification stating: “You’ve been pwned in the Synthient Credential Stuffing Threat Data data breach.”

According to the message, the incident involves nearly two billion unique email addresses and around 1.3 billion passwords. The data includes email addresses and passwords that were compiled from previous breaches and circulated within credential-stuffing lists. These lists are commonly used by attackers to target accounts where users have reused passwords across multiple platforms.

The notification specifies that the breach occurred in April 2025, but notes that data like this can take months or even years before it becomes publicly accessible and is processed by HIBP. The platform aims to alert users as soon as the data becomes verifiable and available for inclusion.

****What the Data Is and How It Originated****

HIBP’s description explains that the information was not taken directly from a single hacked service. Instead, it was aggregated by Synthient, a threat-intelligence firm that collects and analyses credential-stuffing data from malicious sources across the internet.

During 2025, Synthient compiled nearly 2 billion unique email addresses from various breached databases, many already circulating in clear and dark web forums. These credentials are often used by cybercriminals to automate login attempts on unrelated platforms in hopes of gaining access to additional accounts through password reuse.

Email sent by Have I Been Pwned (Image credit: Hackread.com)

****Not the First Synthient Dataset Added to HIBP****

This isn’t the first time Synthient data has appeared on Have I Been Pwned. In October 2025, as reported by Hackread.com, HIBP added another dataset titled Synthient Stealer Credentials, which contained 183 million stolen credentials harvested from stealer logs.

That earlier collection represented information directly extracted from infected devices, while this new addition is a compilation of credentials gathered from credential-stuffing lists rather than live malware infections.

****What Users Should Do****

The addition of this data shows the risks of password reuse and large-scale credential aggregation. Even if the data isn’t from a new direct breach, having your email and password appear in such lists means your accounts could be at risk.

For now, it is recommended that anyone notified through the service should change reused passwords immediately, enable two-factor authentication, and avoid using the same password across multiple accounts.

****Avoid the Clickbait Confusion****

Readers should be cautious about exaggerated or misleading reports that may surface following this update. This incident is not a direct data breach. The dataset combines information from previously exposed credentials found in multiple sources and compiled by Synthient.

The collection includes email addresses from many providers such as Hotmail, Gmail, Yahoo, and others, but that does not mean these services were hacked. Claims like “2 billion Gmail accounts hacked” or “Google breached” will be false and misleading.

Summary

1. Breach Name: Synthient Credential Stuffing Threat Data
2. Date of Breach: April 2025
3. Accounts Affected: 1.96 billion
4. Data Exposed: Email addresses and passwords
5. Source: Aggregated credential-stuffing lists collected by Synthient
6. Related Incident: Synthient Stealer Credentials (183 million accounts, added October 2025)