Cybersecurity experts have identified a significant breach involving a mysterious database that holds an astonishing 16 billion login credentials, marking it as one of the most substantial data leaks ever recorded. The breach has reportedly affected prominent tech giants such as Apple, Facebook, and Google, in addition to government websites from various countries. This exposure granted malicious actors unprecedented access to sensitive personal information, heightening the risks of account takeovers, identity theft, and phishing schemes.
Massive Leak of Login Information
A report from CyberNews indicates that the vast majority of the compromised information stemmed from credential stuffing attacks, infostealer malware, and repurposed data from previous leaks. Since the start of the year, researchers have uncovered 30 distinct datasets, each containing from tens of millions to over 3.5 billion records, cumulatively reaching nearly 16 billion records unearthed thus far.
Experts believe that threat actors utilized infostealer logs to acquire this confidential data. The breach has ramifications for a wide range of entities, including major companies and governmental institutions. Companies like Apple, Facebook, Google, GitHub, and Telegram were particularly affected.
The breach encompasses a diverse array of platforms, including social media, corporate services, VPN providers, developer portals, and government operations across multiple nations. Notably, aside from one dataset, the majority had not been identified in prior security incidents, suggesting that much of the exposed data is newly acquired.
According to the researchers, the nature and recency of the datasets pose a significant concern. “These aren’t merely recycled breaches; this is fresh, weaponizable intelligence at scale,” they stated.
The leaked data was organized in a structured format, with URLs followed by login details and corresponding passwords. This systematic approach is a known tactic used by cybercriminals to facilitate data theft. The smallest identified dataset contained over 16 million records, while the largest boasted upwards of 3.5 billion entries, with each dataset averaging around 550 million compromised credentials.
Some of the datasets were labeled with generic terms like “credentials” or “logins,” while others explicitly referred to the services from which the credentials were obtained. Notably, one dataset named after Telegram included 60 million records.
The report reveals that all datasets were exposed briefly but long enough for cybersecurity experts to detect them. They were accessible via unsecured object storage instances or Elasticsearch configurations. However, investigators have yet to identify the entity behind the control of these 16 billion records.
Researchers warn that data breaches of this magnitude can be exploited by malicious actors to conduct phishing campaigns, hijack accounts, launch ransomware attacks, and orchestrate business email compromise (BEC) operations.
