Researchers at Cybernews have found 30 datasets containing a total of 16 billion login credentials. These records were stored across open online databases and include usernames, passwords, tokens, and session data for a range of platforms.
Most of this information seems to have come from infostealer malware, software that quietly collects saved logins from infected devices. Unlike old leaks that sometimes get recirculated, this data is recent and neatly structured, which makes it more useful to those looking to misuse it.
The exposed accounts cover services like Apple, Google, Facebook, Telegram, and GitHub, as well as government platforms and business tools. Because there’s overlap between datasets, the real number of affected users isn’t clear, but the scale is still massive.
Where Did The Data Come From?
It wasn’t one big hack; it is the result of many smaller ones. Infostealer malware works silently in the background after someone installs a fake programme, clicks on a dodgy link, or opens a file they shouldn’t have. Once installed, it collects login details, cookies, browser data and more.
The collected information then gets bundled into large files and either sold or shared. That’s what researchers found: not one big leak, but 30 big sets of records gathered from different sources. Some datasets had names like “logins” or “Telegram,” while others were tied to specific malware or languages, like one linked to Portuguese-speaking users.
Some of the leaks were only public for a short time, likely by accident, but that was long enough for them to be copied.
Was Facebook Or Apple Actually Hacked?
According to Cybernews researcher Bob Diachenko, there’s no evidence that Apple, Google, or Facebook were directly breached. The platforms themselves weren’t broken into. Instead, their users’ login details were collected by malware on personal devices.
Basically, people’s passwords for those services were stolen, not because the companies failed to secure their systems, but because the users were exposed elsewhere. So while credentials linked to those companies are part of the leak, the breach didn’t come from inside their networks.
That still puts those accounts at risk, especially if the same password is used across different services.
What Makes This Leak Different From Past Ones?
This isn’t the first big credential breach, of course, but the size and recency of the data put it on a much larger scale. Some past leaks were years old and contained credentials that had already been reset or made useless. In this case, the data includes newer entries, sometimes with working session cookies and tokens that don’t require a password to log in.
That means some of the logins might still work, especially if people haven’t changed their passwords in a while. The inclusion of session tokens also makes it harder to secure accounts, because those aren’t always reset when a password is changed.
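The point about session tokens outliving a password change, shown as an added example that is not from Cybernews or the original article: a small Python session store that ties each session to a per-user credential version, so a password change invalidates every token issued before it. All class, method and user names are hypothetical, and the "stolen" token is a constructed sample.

```python
import hashlib
import secrets


class SessionStore:
    """In-memory session store; all names here are hypothetical."""

    def __init__(self, revoke_on_password_change):
        self.revoke_on_password_change = revoke_on_password_change
        self.epoch = {}      # user -> credential version, bumped on password change
        self.sessions = {}   # sha256(token) -> (user, epoch when issued)

    @staticmethod
    def _key(token):
        # Store only a hash so a leaked session table does not leak live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user):
        """Call after a successful password + 2FA login."""
        token = secrets.token_urlsafe(32)
        self.sessions[self._key(token)] = (user, self.epoch.setdefault(user, 0))
        return token

    def password_changed(self, user):
        """Call from the password-change handler."""
        if self.revoke_on_password_change:
            self.epoch[user] = self.epoch.get(user, 0) + 1

    def validate(self, token):
        """Return the user for a live session, else None."""
        key = self._key(token)
        entry = self.sessions.get(key)
        if entry is None:
            return None
        user, issued_epoch = entry
        if issued_epoch != self.epoch.get(user, 0):
            del self.sessions[key]   # stale: issued before the last password change
            return None
        return user


def stolen_cookie_survives(revoke_on_password_change):
    """Replay a copied token after the owner changes their password."""
    store = SessionStore(revoke_on_password_change)
    stolen = store.issue("alice")      # constructed sample: token copied by malware
    store.password_changed("alice")    # owner reacts to the leak
    fresh = store.issue("alice")       # owner logs in again
    return store.validate(stolen) == "alice", store.validate(fresh) == "alice"
```

With revocation off, the copied token still validates after the password change; with it on, only the session created after the change does.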
Researchers also noticed a shift in where these datasets are showing up. Instead of being traded quietly on messaging apps like Telegram, some of them are being left on cloud storage platforms. That makes them easier to find for both researchers and criminals.
What Can People Do Now?
One of the researchers at Cybernews, Aras Nazarovas, said, “The increased number of exposed infostealer datasets in the form of centralized, traditional databases, like the ones found by the Cybernews research team, may be a sign that cybercriminals are actively shifting from previously popular alternatives such as Telegram groups, which were previously the go-to place for obtaining data collected by infostealer malware.”
To stay protected, he recommends, “Some of the exposed datasets included information such as cookies and session tokens, which makes the mitigation of such exposure more difficult. These cookies can often be used to bypass 2FA methods, and not all services reset these cookies after changing the account password.
“Best bet in this case is to change your passwords, enable 2FA, if it is not yet enabled, closely monitor your accounts, and contact customer support if suspicious activity is detected.”