Researchers from Cybernews have found 30 datasets with various sensitive information, which together contain 16 billion login credentials from various platforms. They include data from social networks like Facebook, Google and Apple accounts, VPN services, GitHub, Telegram, and many others.
Cybernews researchers suggest that the data most likely comes from various data thieves. Almost none of the datasets the researchers found have made the news before, with the exception of one with 184 million records, which, despite its size, is one of the smallest sets.
The largest dataset contains 3.6 billion records, presumably from the Portuguese-speaking population. Two other sets consist of 2.8 and 1.9 billion. Even the smallest of the sets contains 16 million records. Considering all 30 sets, on average, one dataset contains about 550 million passwords, logins, and other sensitive information.
The researchers note that new data sets have appeared almost every week since they began their investigation. However, they only appeared for a short period of time, which allowed them to record their presence but not to determine who was behind them. The sets contained data that could give access to any service you can think of - including government services.
"This is not just a leak – it’s a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing," the researchers said.
Although it was impossible to compare the collected data from each dataset, they all followed a relatively similar structure, containing the URL, login, and password of a particular service. This is how most modern infotailers, malicious software that steals confidential information, collect data.
Some of the datasets reportedly had generic names, such as logins, credentials, and similar general terms. At the same time, there were datasets with quite specific names, such as one with 455 million records called "Russian Federation." Another with 60 million records was called Telegram.
Regardless of who is behind these leaks and which accounts' data was stolen, we still recommend taking the necessary measures and changing the passwords on at least the most important accounts.