Have I Been Pwned contains ten billion data breach records

The database of data leak search engine Have I Been Pwned contains more than ten billion records. The ‘milestone’ was reached earlier this week by a data breach at Wattpad, in which more than a quarter of a billion accounts were seized.

Have I Been Pwned founder Troy Hunt writes in a blog post about the record number of data breaches. The ten billion record mark comes seven years after Hunt started the website. In June 2016, three years after its founding, there were one billion records on the site.

In total, there are now more than ten billion data leaks in the database. It concerns ‘records’; leaks of a hacked account, often in combination with a hashed or unhashed password and sometimes other information that Hunt includes on the site. The ten billion records are therefore not unique accounts, there can be many duplications between them.

The biggest data breaches on Have I Been Pwned come from security researchers who find online databases with many records in them, such as unsecured Elasticsearch servers. The biggest hacking breaches occurred at MySpace, with 360 million accounts looted, and China’s NetEase with 234 million accounts.

The ten billion record mark was reached by a recent massive data breach at Wattpad. Last week, Bleeping Computer discovered a database of 268 million accounts of the writing service circulating on the Internet. During that data breach, passwords that had been hashed with bcrypt were stolen in addition to usernames, e-mail and IP addresses and dates of birth.