Written by Rafaela Tertuliano – São Paulo
October 28, 2025, 4:12 PM
Massive Data Breach: Understand the impact and how to protect yourself
Nothing like a massive data breach to bring essential discussions about digital security back to the table. On October 27, it was revealed that a database containing 193 million unique emails and 3.5 billion records was added to the website Have I Been Pwned a platform that allows users to check whether their credentials have been exposed.
In total, the system analyzed more than 23 billion lines of compromised data, including logins, passwords, and browsing histories from users around the world. In other words, this is one of the largest leaks in recent history.
Where the compromised data came from
According to researcher Troy Hunt, this case differs from a traditional breach, which usually results from a single targeted attack.
In this case, the information originated from stealer logs, malware that silently installs itself on computers and mobile devices, capturing everything typed, from logins and passwords to banking access.
In other words, it’s a continuous, real-time process that doesn’t rely on directly hacking servers.
The underground data market
These malicious programs fuel a vast underground market, with new devices being infected every second. Today, even platforms like Telegram have become meeting points for the illegal trade of personal information.
Moreover, both public and private channels operate as true “digital marketplaces,” where criminal groups share or sell data packages.
This structure is organized in a pyramid-like hierarchy:
- Primary Sellers: leaders of the operation;
- Aggregators: collect and organize data from multiple sources;
- Transfers: distribute the malware.
A single channel can publish up to 50 million credentials per day.
Automated monitoring
To keep up with this growing threat, the Have I Been Pwned team developed an automated monitoring system using 20 premium Telegram accounts running 24/7.
These accounts identify patterns, download files, and detect suspicious activities. Still, the volume of new data is staggering, about 600 million new credentials processed within a few days.
How to protect your information
This episode highlights a crucial point: digital security must be a daily habit, not an occasional concern.
These leaks don’t just happen due to isolated failures, but also because of the constant activity of infostealers and the widespread circulation of data across underground networks.
Although the case came to light only recently, evidence suggests that the breach occurred back in April.
To check whether your information has been affected, visit haveibeenpwned.com and enter your email address. The site will indicate if your credentials appear in any compromised databases from the past ten years.
Steps to strengthen your security
If your account has been compromised, take these actions immediately:
- Change your passwords and avoid reusing them;
- Create strong combinations using letters, numbers, and symbols;
- Enable two-factor authentication (2FA);
- Review connected devices and remove unfamiliar ones;
- Revoke access for apps you don’t recognize;
- Avoid suspicious links and public Wi-Fi networks;
- Finally, use a reliable password manager like 1Password, Bitwarden, or Google’s own tool.
Waymaker Projects’ commitment
As the saying goes, data is the new oil, and like any valuable asset, it also attracts crime.
In light of this, Waymaker Projects closely monitors the developments of this case and reaffirms its commitment to responsible innovation, data governance, and digital education as key pillars of a safer and more conscious technological transformation.
