The breach notification service Have I Been Pwned (HIBP) has added 284 million compromised email accounts to its database after discovering them in a 1.5TB collection of stolen credentials named ALIEN TXTBASE. The data was shared on a Telegram channel and included passwords and email addresses stolen by infostealer malware.

HIBP founder Troy Hunt confirmed the legitimacy of the data before adding it to the platform, stating that the dataset contains 23 billion rows of stolen credentials collected from infected computers. He noted that 69% of the email addresses were already in the HIBP database, meaning many users had already been exposed in prior breaches.

As a result of this discovery, HIBP has also added 244 million previously unseen passwords to its Pwned Passwords repository, which allows users to check if their passwords have been compromised.

The dataset’s origin was traced back to cybercriminals distributing stealer logs via Telegram. These logs contain credentials harvested through malicious software installed on victims’ devices. Hunt highlighted the risks associated with downloading pirated software, noting that many victims unknowingly infected their devices by torrenting popular paid programs.

To help organizations combat credential theft, HIBP has introduced new API tools that allow businesses to search for compromised email addresses by domain. This feature helps companies identify employees or customers at risk and take preventive measures, such as forcing password resets or enabling multi-factor authentication (MFA).

BleepingComputer explained that these API services, available under HIBP’s paid subscription, provide up to 1,000 email searches per minute, making it easier for security teams to track threats in real-time.

Credential theft continues to affect millions, as seen in the recent Hot Topic breach, where the credentials of 57 million customer accounts were stolen and later found for sale online.