Hacker Leaks 3.3 Billion Emails and Yes Every Single One Is Unique

A hacker leaked 3.3 billion emails from multiple public breaches, because who needs privacy anymore?

By Marco Rizal - Editor, Journalist 3 Min Read
Share this post?
Share this post?

A hacker leaked 3.3 billion emails from multiple public breaches, because who needs privacy anymore?

  • A staggering 3.3 billion unique emails were leaked in an underground forum.
  • The leak came from previous breaches, combined and cleaned of duplicates.
  • Hackers and cybercriminals will likely exploit this treasure trove of personal data.

Imagine waking up to find your email address among the 3.3 billion unique addresses floating around the dark reaches of the internet.

Thanks to a hacker known as Addka72424, who casually dropped this large collection of emails on an underground crime forum.

Your inbox is now just one little piece of a massive puzzle available to anyone willing to perform some cyber-sleuthing.

The hacker explained that he compiled the data from various public breaches and forums because he was simply intrigued about how much unique info he could get.

image 91
Hacker’s post on BreachForums

What was the result? A staggering 3.3 billion unique email addresses were gathered from compromised websites.

Oh, and in case you’re wondering, this represents about one out of every four individuals on Earth. (Although clearly, every person has more than one email account.)

image 92
3.3 billion unique emails available for download

The total data package weighs in at about 21.8GB, compressed into a convenient zip file for downloading.

Addka72424 states this is not the first time he has done this. The process began last year, when he decided to combine multiple breaches and look for unique data.

He spent months methodically removing duplicates and getting rid of junk domains.

The end result is a database of approximately 3.3 billion distinct emails, polished with the same regex filters employed by none other than Troy Hunt of Have I Been Pwned.

image 87
Regex filter used by Troy Hunt (Credit: Addka72424)

According to Addka72424, this is not a large-scale criminal organization, but rather a small experiment to demonstrate how much public data is currently available.

But how does this affect you, dear internet user? For instance, if your email is in that collection, it means whoever had your data previously did a bad job of protecting it.

The hacker claims that none of these emails were obtained through private leaks. This is all already public information, which should make you feel… little better.

No? Okay, maybe just reset your password and enable two-factor authentication before a cybercriminal converts your Netflix account into their personal free for all.

Compared to the RockYou2024 password leak, which contains 10 billion passwords but with countless variations with “password” or “12345678” showing up hundreds of times.

This email leak consists of actual user emails from the past year, providing cybercriminals and phishing scammers with a huge pool of targets to exploit.

Addka72424 added a remark stating if the media picks this up, please know that it was purely for research purposes.

He wants us to take a moment to understand the scope of this leak—after all, how often do you get to look at the emails of one-quarter of the world?

Leave a comment