What happened
According to public breach records, the Synthient Credential Stuffing Threat Data data breach on April 11, 2025 is reported to have exposed the personal information of 1,957,476,021 accounts.
During 2025, the threat-intelligence firm Synthient aggregated 2 billion unique email addresses disclosed in credential-stuffing lists found across multiple malicious internet sources. Comprised of email addresses and passwords from previous data breaches, these lists are used by attackers to compromise other, unrelated accounts of victims who have reused their passwords. The data also included 1.3 billion unique passwords, which are now searchable in Pwned Passwords. Working to turn breached data into awareness, Synthient partnered with HIBP to help victims of cybercrime understand their exposure.
This was not a breach of a single company but an aggregation of credential-stuffing combolists that threat-intelligence firm Synthient compiled during 2025 from numerous locations where cybercriminals had published stolen email-and-password pairs, and then provided to Have I Been Pwned (added November 6, 2025). The corpus contained 1,957,476,021 unique email addresses and roughly 1.3 billion unique passwords, of which about 625 million had never previously appeared in HIBP's Pwned Passwords service. Credential-stuffing lists like this are notable because the email/password pairs are reused by attackers to break into unrelated accounts of people who reuse passwords, and many of the exposed passwords were found still in active use.
What data was exposed
The following types of personal data were compromised:
- Email addresses
- Passwords
Breach details
| Detail | Value |
|---|---|
| Breach name | Synthient Credential Stuffing Threat Data |
| Date | April 11, 2025 |
| Accounts affected | 1,957,476,021 |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Synthient Credential Stuffing Threat Data; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Change the password on any account where you reused the exposed password, and never reuse that password again across sites.
- Use a password manager to generate a unique password for every account, since credential-stuffing attacks specifically exploit reused passwords.
- Enable two-factor authentication (2FA) everywhere it is offered so a leaked password alone cannot grant account access.
- Check the affected email address on Have I Been Pwned and prioritize changing credentials on high-value accounts (email, banking, primary logins) first.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- Have I Been Pwned: Synthient Credential Stuffing Threat Data Breach
- Troy Hunt: 2 Billion Email Addresses Were Exposed, and We Indexed Them All in Have I Been Pwned
- Troy Hunt: Inside the Synthient Threat Data
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →