Illegally obtained login credentials for 16 billion user accounts potentially expose crypto wallets to unlawful hacker invasions.
In a shocking revelation, a massive trove of data containing over 16 billion login credentials has been leaked online. This unprecedented leak, believed to be the result of infostealer malware, poses serious concerns about the security of user accounts and digital infrastructure across various platforms, including Apple, Facebook, Google, GitHub, Telegram, and government portals.
The infostealer malware operates by infecting devices—often through phishing links or malicious extensions—and stealthily collecting login credentials, banking details, session cookies, and browsing histories. The stolen data is gathered into more than 30 exposed databases, ranging from tens of millions to billions of records, which are then traded or sold on dark web forums for cybercriminal use.
Since January, Cybernews researchers have identified 30 massive datasets, each containing over 3.5 billion records. The data spans across various platforms, including social media accounts, corporate systems, VPN services, and developer platforms. All but one of these datasets were previously reported, suggesting that this leak is an aggregation from multiple past breaches and malware infections, now circulating widely among cybercriminals.
The structure and recency of these datasets suggest that these aren't just old breaches being recycled. The leaked data follows a consistent format, typically listing a URL, then a username and password, suggesting it was harvested by modern infostealer malware that adopts a structured manner for collecting credentials.
The leaked data potentially grants access to various online platforms, including those belonging to Apple, Facebook, Google, GitHub, Telegram, and government portals. This poses a significant risk of account takeovers, identity theft, phishing attacks, and credential stuffing, where attackers automate testing stolen credentials across multiple services.
Many users reuse passwords, increasing the danger that older leaks still facilitate new account compromises, including high-value targets like corporate systems, VPNs, and government portals. The leaked data can be used for these malicious activities, raising security concerns for both individuals and organisations.
Users are urged to change passwords, enable multi-factor authentication, and use password managers to mitigate risks. This represents one of the largest credential exposures in history and underscores the ongoing prevalence and danger of infostealer malware in enabling mass credential theft and misuse.
The leaked data, harvested by modern infostealer malware, has been associated with a significant risk of account takeovers on multiple platforms, such as Apple, Facebook, Google, GitHub, Telegram, and government portals. With the large collection of stolen login credentials now being traded or sold on dark web forums, there's growing concern about the security of user accounts and digital infrastructure. This widespread circulation of leaked data also increases the potential for identity theft, phishing attacks, and credential stuffing.
