Cybernews has exposed a massive data breach, revealing a total of up to 16 billion leaked account credentials globally, affecting platforms such as Apple, Google, and Facebook. Researchers describe this incident not only as a leak but also as a blueprint for large-scale misuse, with its scale and potential risks setting records.
Researchers at Cybernews have been monitoring online activities since the beginning of the year, uncovering that this data comes from over 30 unprotected datasets, including login information for social platforms, developer portals, and government services.
The 16 billion leaked account credentials almost double the current global population, indicating that many users may have had more than one set of credentials compromised. Researchers point out that the dataset likely contains a significant amount of duplicate records, making it difficult to accurately determine how many individuals or accounts have been exposed.
It’s noteworthy that these leaked credentials did not stem from a single breach or target a specific company in a one-time attack. Instead, the data seems to come from multiple separate incidents, aggregated over time and released publicly within a short period.
Cybernews highlights that various types of “infostealers” are likely the main cause of this breach. These malicious programs infiltrate victims’ devices or systems to steal sensitive information.
The data structure shows a high level of consistency, including URLs, login information, and passwords, some even with cookies and session tokens that can be used to bypass multi-factor authentication (MFA).
While major companies have not experienced centralized security vulnerabilities, researchers note that the leaked data contains login URLs and account information for these platforms.
The report suggests that this data could be used for activities like account takeover, identity theft, phishing, business email compromise (BEC), and ransomware attacks.
Researchers emphasize that this leaked data is not a compilation of old data but represents “the latest, highly potent intelligence for large-scale attacks.”
Of particular concern is that a breach of this scale provides fertile ground for account takeover, phishing, ransomware, and BEC attacks.
Some datasets even show connections to Russia and to platforms like Telegram, indicating that these credentials come from various languages and usage environments worldwide.
Cybernews also found that datasets of this size appear “almost every few weeks,” showing that data-stealing malicious software is rapidly spreading.
As such data breach incidents become more frequent, cybersecurity experts urge the public to maintain basic “cyber hygiene” habits.
Cybernews recommends that users immediately change their passwords, avoid using the same or similar credentials across different websites, use password management tools to generate strong passwords, and regularly update account information. If possible, they should also enable multi-factor authentication (MFA) to add an extra layer of identity verification through a phone, email, or security key.
Researchers point out that some services do not reset session tokens after a password change, potentially allowing them to still be used to bypass multi-factor authentication.
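The following sketch is an added illustration, not code from Cybernews or from any service named in the report. It models the server-side behaviour described above: session validation never rechecks the password or MFA, so a copied token keeps working unless a password change invalidates sessions issued earlier. The class, function names and the sample account are hypothetical.

```python
import hashlib
import hmac
import os
import secrets

class SessionService:
    """Toy in-memory auth service (hypothetical, for illustration only)."""
    def __init__(self, revoke_on_password_change: bool):
        self.revoke_on_password_change = revoke_on_password_change
        self._users = {}     # username -> (salt, password_hash, credential_epoch)
        self._sessions = {}  # token -> (username, epoch when the token was issued)

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        epoch = self._users.get(username, (None, None, 0))[2]
        if self.revoke_on_password_change:
            epoch += 1  # tokens issued under the previous epoch become stale
        self._users[username] = (salt, self._hash(password, salt), epoch)

    def login(self, username: str, password: str):
        record = self._users.get(username)
        if record is None or not hmac.compare_digest(record[1], self._hash(password, record[0])):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (username, record[2])
        return token

    def whoami(self, token: str):
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, issued_epoch = entry
        if issued_epoch != self._users[username][2]:
            del self._sessions[token]  # token predates the current credentials
            return None
        return username

def stolen_token_survives(revoke: bool) -> bool:
    svc = SessionService(revoke)
    svc.set_password("alice", "old-password")    # constructed sample account
    stolen = svc.login("alice", "old-password")  # token value later copied off the device
    svc.set_password("alice", "new-password")    # victim changes the password
    return svc.whoami(stolen) == "alice"
```

With `revoke_on_password_change=False` the copied token still resolves to the account after the password change; with `True` it is rejected and only a fresh login succeeds.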
Aras Nazarovas, a member of the Cybernews team, says, “The best defense is to: change your password immediately, enable two-factor verification, closely monitor account activities, and contact customer service if any anomalies are detected.”
