Stealer Logs Breach: Have I Been Pwned Adds 56 Million Accounts

On June 15, 2026, the global cybersecurity landscape faced a stark reminder of the shifting mechanics of digital identity compromise. The widely used breach notification service Have I Been Pwned (HIBP) officially integrated a massive, aggregated dataset of malware-harvested credentials labeled the “June 2026 Stealer Logs” into its database. Comprising approximately 56.3 million unique email addresses extracted from hundreds of millions of individual malware-generated logs, this dump represents a paradigm shift in threat capabilities. Unlike traditional server-side data breaches targeting a single company’s database, these stealer logs are the byproduct of silent, client-side endpoint infections. In total, this integration added 124 million unique, plaintext passwords to HIBP’s Pwned Passwords database, making them searchable by both individuals and security administrators. This massive release highlights the escalating threat of infostealer malware, which has successfully industrialized the extraction of browser-saved passwords, session cookies, and sensitive autofill forms directly from active user systems.

Understanding Stealer Logs: The Mechanics of Endpoint Exfiltration

To fully comprehend the danger posed by the June 2026 Stealer Logs, one must understand how