Security News > 2024 > January > Have I Been Pwned adds 71 million emails from Naz.API stolen account list
Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service.
The Naz.API dataset is a massive collection of 1 billion credentials compiled using credential stuffing lists and data stolen by information-stealing malware.
Credential stuffing lists are collections of login name and password pairs stolen from previous data breaches that are used to breach accounts on other sites.
The stolen data is collected in text files and images, which are stored in archives called "Logs." These logs are then uploaded to a remote server to be collected later by the attacker.
Each line in the Naz.API data consists of a login URL, its login name, and an associated password stolen from a person's device, as shown below.
While there are close to 71 million unique emails, for each email address, there are likely many other records for the different sites' credentials were stolen from.