Cybernews researchers have uncovered what may be the largest unreported credential leak in history — a staggering 16 billion login records exposed across 30 separate datasets. The data most likely originates from various infostealers and was briefly exposed in unsecured cloud storage systems.
Key research findings:
- The datasets that the team uncovered differ widely. The smallest, named after malicious software, had over 16 million records.
- The largest dataset, most likely related to the Portuguese-speaking population, had over 3.5 billion records.
- On average, one dataset with exposed credentials had 550 million records.
- 455 million records in a dataset referencing the Russian Federation, suggesting possible links to regional malware or data operations.
- 60 million records in a dataset labeled “Telegram.”
- Many datasets followed a uniform structure: URL — username/email — password, suggesting the use of modern infostealers as the primary data source.
- Numerous datasets contained tokens, cookies, and metadata, increasing the risk of bypassing multi-factor authentication and launching advanced phishing attacks.
- New datasets continue to surface every few weeks, highlighting how prevalent and persistent infostealer malware is in the wild.
Alarmingly, ownership remains unknown. The Cybernews team believes that some collections may have been curated by cybercriminals seeking to scale attacks.
Leak significance
Even with a low success rate, these massive collections enable phishing, identity theft, and unauthorized access at a global scale — and offer users very limited ways to defend themselves once exposed.
The exposure of 16 billion login credentials represents not just a security lapse but a critical turning point in how credential data is accumulated, stored, and exploited.
These findings raise urgent concerns about account security, data aggregation risks, and the lack of safeguards in credential management ecosystems.
To read the full research report, please click here.
Like this:
Like Loading...
Related
This entry was posted on June 18, 2025 at 9:46 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Cybernews Researchers Have Discovered 16-Billion-Record Data Breach
Cybernews researchers have uncovered what may be the largest unreported credential leak in history — a staggering 16 billion login records exposed across 30 separate datasets. The data most likely originates from various infostealers and was briefly exposed in unsecured cloud storage systems.
Key research findings:
Alarmingly, ownership remains unknown. The Cybernews team believes that some collections may have been curated by cybercriminals seeking to scale attacks.
Leak significance
Even with a low success rate, these massive collections enable phishing, identity theft, and unauthorized access at a global scale — and offer users very limited ways to defend themselves once exposed.
The exposure of 16 billion login credentials represents not just a security lapse but a critical turning point in how credential data is accumulated, stored, and exploited.
These findings raise urgent concerns about account security, data aggregation risks, and the lack of safeguards in credential management ecosystems.
To read the full research report, please click here.
Share this:
Like this:
Related
This entry was posted on June 18, 2025 at 9:46 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.