TechRound

One Of The Largest Data Breaches In History Leaked 16 Billion Passwords

Researchers at Cybernews have found 30 datasets containing a total of 16 billion login credentials. These records were stored across open online databases and include usernames, passwords, tokens, and session data for a range of platforms.

Most of this information seems to have come from infostealer malware: software that quietly collects saved logins from infected devices. Unlike old leaks that sometimes get recirculated, this data is recent and neatly structured, which makes it more useful to those looking to misuse it.

The exposed accounts cover services like Apple, Google, Facebook, Telegram, and GitHub, as well as government platforms and business tools. Because there’s overlap between datasets, the real number of affected users isn’t clear, but the scale is still massive.

Where Did The Data Come From?

It wasn’t one big hack; this is the result of many smaller ones. Infostealer malware works silently in the background after someone installs a fake programme, clicks on a dodgy link, or opens a file they shouldn’t have. Once installed, it collects login details, cookies, browser data and more.

The collected information then gets bundled into large files and either sold or shared. That’s what researchers found: not one big leak, but 30 big sets of records gathered from different sources. Some datasets had names like “logins” or “Telegram,” while others were tied to specific malware or languages, like one linked to Portuguese-speaking users.

Some of the leaks were only public for a short time, likely by accident, but that was long enough for them to be copied.

Was Facebook Or Apple Actually Hacked?

According to Cybernews researcher Bob Diachenko, there’s no evidence that Apple, Google, or Facebook were directly breached. The platforms themselves weren’t broken into. Instead, their users’ login details were collected by malware on personal devices.

Basically, people’s passwords for those services were stolen, not because the companies failed to secure their systems, but because the users were exposed elsewhere. So while credentials linked to those companies are part of the leak, the breach didn’t come from inside their networks.

That still puts those accounts at risk, especially if the same password is used across different services.

What Makes This Leak Different From Past Ones?

This isn’t the first big credential breach, of course, but the size and recency of the data put it on a much larger scale. Some past leaks were years old, and the credentials in them had already been reset or made useless. In this case, the data includes newer entries, sometimes with working session cookies and tokens that don’t require a password to log in.

That means some of the logins might still work, especially if people haven’t changed their passwords in a while. The inclusion of session tokens also makes it harder to secure accounts, because those aren’t always reset when a password is changed.

Researchers also noticed a shift in where these datasets are showing up. Instead of being traded quietly on messaging apps like Telegram, some of them are being left on cloud storage platforms. That makes them easier to find for both researchers and criminals.

What Can People Do Now?

One of the researchers at Cybernews, Aras Nazarovas, said, “The increased number of exposed infostealer datasets in the form of centralized, traditional databases, like the ones found by the Cybernews research team, may be a sign that cybercriminals are actively shifting from previously popular alternatives such as Telegram groups, which were previously the go-to place for obtaining data collected by infostealer malware.”

To stay protected, he recommends, “Some of the exposed datasets included information such as cookies and session tokens, which makes the mitigation of such exposure more difficult. These cookies can often be used to bypass 2FA methods, and not all services reset these cookies after changing the account password.

“Best bet in this case is to change your passwords, enable 2FA, if it is not yet enabled, closely monitor your accounts, and contact customer support if suspicious activity is detected.”
