Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: The 16-Billion-Record Data Breach That No One's Ever Heard of

Link: https://it.slashdot.org/story/25/06/19/202824...

An anonymous reader quotes a report from Cybernews: Several collections of
login credentials reveal one of the largest data breaches in history,
totaling a humongous 16 billion exposed login credentials. The data most
likely originates from various infostealers. Unnecessarily compiling
sensitive information can be as damaging as actively trying to steal it. For
example, the Cybernews research team discovered a plethora of supermassive
datasets, housing billions upon billions of login credentials. From social
media and corporate platforms to VPNs and developer portals, no stone was
left unturned. Our team has been closely monitoring the web since the
beginning of the year. So far, they've discovered 30 exposed datasets
containing from tens of millions to over 3.5 billion records each. In total,
the researchers uncovered an unimaginable 16 billion records. None of the
exposed datasets were reported previously, bar one: in late May, Wired
magazine reported a security researcher discovering a "mysterious database"
with 184 million records. It barely scratches the top 20 of what the team
discovered. Most worryingly, researchers claim new massive datasets emerge
every few weeks, signaling how prevalent infostealer malware truly is. "This
is not just a leak -- it's a blueprint for mass exploitation. With over 16
billion login records exposed, cybercriminals now have unprecedented access
to personal credentials that can be used for account takeover, identity
theft, and highly targeted phishing. What's especially concerning is the
structure and recency of these datasets -- these aren't just old breaches
being recycled. This is fresh, weaponizable intelligence at scale,"
researchers said. The only silver lining here is that all of the datasets
were exposed only briefly: long enough for researchers to uncover them, but
not long enough to find who was controlling vast amounts of data. Most of the
datasets were temporarily accessible through unsecured Elasticsearch or
object storage instances. Key details to be aware of: - The records include
billions of login credentials, often structured as URL, login, and password. -
 The datasets include both old and recent breaches, many with cookies,
tokens, and metadata, making them especially dangerous for organizations
without multi-factor authentication or strong credential practices. - Exposed
services span major platforms like Apple, Google, Facebook, Telegram, GitHub,
and even government services. - The largest dataset alone includes 3.5
billion records, while one associated with the Russian Federation has over
455 million; many dataset names suggest links to malware or specific regions.
- Ownership of the leaked data is unclear, but its potential for phishing,
identity theft, and ransomware is severe -- especially since even a - Basic
cyber hygiene -- such as regularly updating strong passwords and scanning for
malware -- is currently the best line of defense for users.

Read more of this story at Slashdot.

---
VRSS v2.1.180528