24 Billion Stolen Credentials Exposed in Massive Data Leak
24 Billion Stolen Credentials Exposed in Massive Data Leak
Publish Date: 2026-06-19 01:09:13
Source Domain: securityaffairs.com
Summary:
Cybernews researchers discovered a massive data leak consisting of an exposed Elasticsearch cluster containing 24 billion records with an estimated size of over 8.3 terabytes, which included stolen user credentials collected from various sources, mainly infostealers, Telegram channels, and breach compilation collections. The records comprised not only usernames, passwords, and email addresses but also information from 36 distinct sources, including those affiliated with the Darkside ransomware group. Additionally, the database included newer data such as recent news articles about data breaches and cybersecurity incident updates, suggesting that the data owner aims to keep the collection current with the latest exploits. Because the database was removed from public access shortly after the discovery, the exact nature and origins of the full dataset couldn’t be thoroughly analyzed. The researchers emphasized the necessity for users utilizing the same passwords across different platforms without two-factor authentication to update their credentials immediately due to their potential exposure in this breach.
Key Points:
- Researchers revealed 24 billion stolen credentials in an exposed Elasticsearch database.
- The largest portion of the records consisted of infostealer logs, primarily gathered from Telegram channels linked to cybercrime.
- The database included recent cybersecurity incident data and vulnerability reports, indicating that the data owner monitored current threats.
- The database has since been taken offline, making further analysis impossible, highlighting urgent needs for password management and multi-factor authentication.
