Severity: CRITICAL

A massive collection of stealer logs from various sources, accumulated in June 2026, has been added to Have I Been Pwned. This corpus contains 56 million unique email addresses and 124 million unique passwords. The exposed data includes credentials harvested by infostealer malware, posing a significant risk for credential stuffing attacks and account takeovers. Users are advised to check if their email addresses are compromised and reset passwords, especially if reused.

Source: Have I Been Pwned latest breaches