124 million passwords added to breach database. Yours may be in there, too

PCWorld reports that Have I Been Pwned added 56 million email addresses and 124 million passwords from infostealer malware targeting Windows PCs. These credentials were stolen directly from infected devices rather than corporate breaches, with users often unaware of the ongoing data theft. Immediate password changes, two-factor authentication, and unique passwords for each service are essential to protect against these prevalent cybercriminal tools. The data breach notification service Have I Been Pwned (HIBP) has added a large number of compromised login credentials to its database. In total, 56.3 million email addresses and 124 million passwords have been added. What makes this dataset notable is its origin. Unlike many previous entries, it does not stem from a single cyberattack on an online service. Instead, HIBP says the information was extracted directly from infected computers and devices.