A data breach containing 16 billion login credentials has been exposed. The data includes logins for social media, VPN services, developer platforms, and government services.
Researchers from Cybernews have discovered 30 datasets that together contain more than 16 billion login credentials. These collections of login information were found on unsecured cloud environments and were likely obtained using infostealers. The largest dataset contained more than 3.5 billion records.
The data usually contains a URL, username, and password. This indicates the use of modern infostealer malware: software that collects login credentials and other sensitive data. Some datasets also contain tokens, cookies, and metadata, which increases the risks of identity fraud, phishing, and account takeover.
The origin of the data is not entirely clear. Some dataset names suggest involvement of specific services or regions, such as Telegram or Russia. Other files are generically named, making further analysis difficult. One of the largest files appears to target a Portuguese-speaking audience and contains more than 3.5 billion records.
Roadmap of the Internet
According to the researchers, it’s also difficult to say how many accounts have been affected. With so many different large datasets, there’s a high chance of overlap in the data. The data was taken offline again shortly after discovery. Nevertheless, the scale of the data breach is sufficient for the researchers to be concerned.
According to the researchers, this leak can be seen as a “roadmap for mass exploitation”. The information can lead to phishing campaigns, business email compromise, ransomware attacks, and other forms of cybercrime. Organizations without multi-factor authentication or a strong password policy are particularly at risk.
The researchers make it clear that even brief exposure of login credentials poses risks. Users and organizations are advised to improve their cyber hygiene. This includes using unique, strong passwords with a password manager, changing passwords if there are indications that the password has been leaked, and checking systems for infostealers.
Mother of all Data Breaches
Data breaches are becoming increasingly large in scale. Although 16 billion potentially unique login credentials is a significant number, this data breach is not yet the record holder. A data breach from early 2024, where a single database with no less than 26 billion login credentials was discovered, remains the champion to date.
The advice remains the same. Create unique and strong passwords for all your online accounts and enable MFA where possible. Passkeys offer a safer alternative to passwords, although this login system is gaining traction slowly.