Cybersecurity researchers have discovered a “mysterious database” comprising a staggering record of 16 billion login credentials, in what is being called one of the biggest data breaches in history. According to a report, it impacted some of the world’s biggest technology companies including Apple, Facebook, and Google, along with government portals from multiple countries. The data breach gave threat actors brief but unprecedented access to personal credentials, posing risk of account takeover, identity theft, and phishing attacks.
Billions of Login Credentials Leaked
According to a report by CyberNews, a majority of the data in the leaked database included information from credential stuffing sets, stealer malware, and repackaged leaks. Researchers say they’ve discovered 30 exposed datasets since the beginning of the year, comprising from tens of millions to over 3.5 billion records each, bringing the total to nearly 16 billion records which have been discovered so far.
Threat actors are speculated to have employed infostealer logs to steal this sensitive data. This breach impacted not just one company, sector, or country, but numerous ones. Apple, Facebook, Google, GitHub, and Telegram were some of the biggest companies to be impacted.
As per the report, it affected social media companies, corporate platforms, VPNs, developer portals, and even government services of various countries. Further, it is suggested that none of the datasets, except for one, were discovered in previous breaches, which means most of the data in the latest breach is fresh.
“What’s especially concerning is the structure and recency of these datasets – these aren’t just old breaches being recycled. This is fresh, weaponizable intelligence at scale”, the publication quoted researchers as saying.
The leaked data had a proper structure, with the URL followed by the login credentials and a password. As per the report, this is a staple method employed by threat actors to steal data. The smallest dataset reportedly had over 16 million records, while the largest one contained more than 3.5 billion. On an average, each dataset comprised 550 million exposed credentials.
Some of the datasets had generic names, such as “credentials” or “logins”. Meanwhile, others also reportedly referenced the services they were stolen from or related to. For example, researchers discovered one dataset named after Telegram which contained 60 million records.
The report states all of the datasets were only briefly exposed, but long enough for cybersecurity personnel to discover them. These were accessible through object storage instances or unsecured Elasticsearch. However, they could not uncover the entity controlling the 16 billion records.
Researchers say data breaches of this scale can be employed by threat actors for running phishing campaigns, taking over accounts, ransomware intrusions, and business email compromise (BEC) attacks.
