On June 12th, the Cybernews research team discovered a data leak involving 24 billion records, making it one of the largest leaks ever found. The leak included tens of billions of login credentials from 36 sources, ranging from Telegram channels to combined data collections of previous data breaches. The Cybernews team says the leak is most likely an infostealer log database.
Here are the key findings:
- The records were stored on a publicly accessible Elasticsearch cluster, a group of interconnected search servers. The total volume of information in the cluster exceeded 8.3 terabytes.
- The leaked data included login credentials in raw format, with each login detail saved separately, including email addresses, usernames, and passwords in plaintext. Researchers also identified URLs that the leaked credentials are supposed to grant access to.
- The data was collected from numerous sources, with over 1.7 billion records taken from hacking-oriented Telegram channels.
- The data is no longer publicly exposed, and so far, Cybernews cannot identify the owner of the leaked credentials.
- Cybernews is unable to accurately say how old or new the leaked data is. Based on a February 2026 news article contained in the leak, it appears the data owner regularly updates the cluster with new information.
The leak highlights the danger of infostealing malware, as nearly all exposed records were infostealer logs. Users may accidentally download infostealer malware through pirated software, infected PDFs, or other compromised files. Once infected, the malware may then secretly extract passwords, autofill details, credit card numbers, and even access to crypto wallets, often without the user realizing their device has been compromised.
The Cybernews research team monitors and analyzes various sources for leaked data to help people maintain and improve their online privacy and security.
For more information and screenshots of the leaked database, here’s the full report: https://cybernews.com/security/24-billion-credentials-data-leak
Related
This entry was posted on June 17, 2026 at 8:27 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
24 billion records leaked online, including usernames and passwords: billions at risk of account takeover
On June 12th, the Cybernews research team discovered a data leak involving 24 billion records, making it one of the largest leaks ever found. The leak included tens of billions of login credentials from 36 sources, ranging from Telegram channels to combined data collections of previous data breaches. The Cybernews team says the leak is most likely an infostealer log database.
Here are the key findings:
The leak highlights the danger of infostealing malware, as nearly all exposed records were infostealer logs. Users may accidentally download infostealer malware through pirated software, infected PDFs, or other compromised files. Once infected, the malware may then secretly extract passwords, autofill details, credit card numbers, and even access to crypto wallets, often without the user realizing their device has been compromised.
The Cybernews research team monitors and analyzes various sources for leaked data to help people maintain and improve their online privacy and security.
For more information and screenshots of the leaked database, here’s the full report: https://cybernews.com/security/24-billion-credentials-data-leak
Share this:
Like this:
Related
This entry was posted on June 17, 2026 at 8:27 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.