Experimenting with Stealer Logs in Have I Been Pwned

Have I Been Pwned imported a massive corpus of infostealer logs (billions of rows, ~71 million impacted addresses, 220 million email–domain pairs, 167 million unique passwords) and is experimenting with features that let verified individuals and domain-owning organizations query which domains an email appears next to and add passwords to Pwned Passwords; the report highlights corporate exposure, potential for account takeover, scale of criminal resale, and cautions about the accuracy and limitations of stealer-log data.