A huge trove of more than 16 billion login credentials from services such as Apple, Google and Facebook was exposed this week, the Cybernews research team reported on Friday.
Researchers reviewed 30 datasets, each holding between tens of millions and 3.5 billion records, all briefly stored in unsecured systems. The data included usernames, passwords, tokens and cookies, putting every user at risk of account takeovers, identity theft and targeted phishing attacks.
Details of the Exposure
Cybernews began its monitoring at the start of the year and found each dataset available for a short time through unsecured Elasticsearch or object storage instances.
None of the datasets, except one 184 million record collection reported by Wired in late May, had been seen before. Most appeared and vanished within days, making it impossible to trace who was behind them.
Despite the brief windows of exposure, the sheer volume of credentials created a perfect storm for cybercriminals.
Scope and Scale
In total, researchers uncovered roughly 16 billion exposed records. The data spanned social media sites, corporate platforms, developer portals and virtual private network services.
Also Read: Gate.io’s User Base Reaches 20 Million Days After Alleged Data Breach Rumors
Cybernews warned that new massive datasets have popped up every few weeks, highlighting how common data‑stealing malware has become.
The researchers called this not just a leak but a “blueprint for mass exploitation,” since the fresh nature of these records makes them far more dangerous than old breaches recycled on the dark web.
Threat to Crypto Users
The cryptocurrency industry could suffer serious fallout. Many exchanges and wallet services tie access to email accounts. With leaked credentials in hand, attackers may mount targeted account takeovers.
Some wallets allow seed‑phrase backups protected by passwords stored in cloud drives. If those passwords match exposed credentials, hackers could gain private keys and drain assets.
Analysts expect exchanges to push password resets or enforce stricter login checks to protect user funds.
Data Stealing Malware at Work
Researchers noted that most of these datasets were likely compiled by cybercriminals using data‑stealing malware. This type of software quietly harvests credentials, cookies and metadata before sending them to central servers.
The frequent emergence of super‑large datasets shows that infostealer malware is now automated and highly efficient. Even tech‑savvy users can fall prey if they reuse passwords or skip multi‑factor authentication.
Taking Action to Protect Accounts
Users should change passwords on every critical account, especially email, social media and financial services. Enabling multi‑factor authentication can stop attackers even if they have a password.
People who use password managers should audit their stored entries and remove any old or unused logins. Companies must scan their storage systems for open Elasticsearch or object storage instances and lock them down immediately.
This record‑breaking leak serves as a stark reminder that no service is immune. Even brief exposure of login credentials can fuel waves of cyberattacks. As new datasets continue to appear, staying alert and adopting stronger security practices remain the best defence.
Also Read: Coinbase Data Breach Hacker Mocks ZachXBT After Major $42.5M Swap