The Pemiblanc Leak Contains More Records Than the Entire US Population

HEROIC analysts identified the Pemiblanc compilation while monitoring servers and underground channels known to distribute large credential archives. In April 2018, researchers discovered a massive file stored on a server in France containing 344,093,910 records compiled from dozens of prior data breaches. This was not a breach of a single company but rather a purposefully assembled credential list designed to make account takeover attacks as easy as possible. The leaked data contained email addresses and plaintext passwords, meaning every record in the list was immediately usable with no technical knowledge required. The sheer scale of this compilation makes it one of the more concerning credential dumps ever surfaced, and the data has continued to circulate and be reused in automated attacks long after its initial discovery.

Why 344 Million Plaintext Credentials From Pemiblanc Fuel Mass Account Takeovers

With over 344 million plaintext email and password pairs in a single file, Pemiblanc gave attackers an extraordinary weapon for credential stuffing campaigns. Credential stuffing is the practice of taking a list of known working logins and testing them against other websites automatically, exploiting the fact that most people reuse passwords. Because the Pemiblanc list was drawn from multiple prior breaches, it contained credentials that had already been verified as real at some point. Attackers using this list against banking platforms, email services, and e-commerce sites had a higher than average success rate. A single person's credentials appearing in this list could result in account takeovers across every service where they reused that password, leading directly to identity theft and financial fraud. The accessable format of the data, a plain text file organized for automated use, showed this was built to cause maximum harm at scale.

What Was Exposed in the Pemiblanc Breach

• Email Address
• Plaintext Password

Why the Pemiblanc Scale Makes It a Lasting Threat to Everyone

Most data breaches affect thousands or a few hundred thousand people. Pemiblanc touched over 344 million records, a number larger than the entire population of the United States. This means the odds that your email address appears somewhere in this list are significant, even if you have never heard of Pemiblanc before. The compilation draws from breaches across many industries, countries, and years, so the data has broad coverage. Anyone whose credentials ever appeared in any of the source breaches contributing to this compilation may be represented here. Attackers continue to use lists like this for credential stuffing, phishing, and social engineering campaigns because they are broad, verified, and readily seperate from difficult to obtain. Years after its original discovery, this data remains in active circulation on dark web forums and automated attack platforms.

How a Database Breach Works

A database breach occurs when an attacker gains unauthorized access to the storage systems where a website keeps user account data. In the case of a compiled list like Pemiblanc, the source material came from many separate breaches where attackers had already broken into individual company databases. Each of those source breaches typically happened through software flaws, stolen administrator credentials, or unsecured servers. Once an attacker had the data from each source breach, all those records were merged into one massive file, aggregated and organized specifically to make automated login attacks easier to run at scale.

Check If Your Data Was Exposed

HEROIC's free breach scanner searches across more than 400 billion records, including data from large-scale compilations like Pemiblanc. Because this list drew from so many different sources, a scan is the most reliable way to find out whether your email address and passwords are circulating in breach databases. Visit HEROIC and run a free check today to take control of your digital security.