A truly massive data breach has been uncovered, revealing an astonishing sixteen billion exposed login credentials. This makes the security incident one of the largest known data breaches in the entire history of the internet. The data, which most likely originates from a variety of different infostealers, was found scattered across thirty separate databases. Researchers claim these new massive datasets are emerging every few weeks, signaling just how prevalent infostealer malware is.
The Cybernews research team has been closely monitoring the web since the very beginning of this current year.
So far, they have discovered thirty different exposed datasets which contain from tens of millions to over 3.5 billion records. Researchers claim that most of the data in the leaked datasets is a mix of details from stealer malware. The information that the team managed to gather revealed that most of the data followed a clear structure. This structure contained a URL, which was followed by login details and then a corresponding password for that site.
Researchers have described this unprecedented exposure as a complete blueprint for widespread and mass online exploitation.
With billions of login records now exposed, cybercriminals have truly unprecedented access to our personal user credentials. These stolen credentials can be used for account takeover, identity theft, and also highly targeted phishing attacks. The inclusion of both old and recent infostealer logs makes this data particularly dangerous for many different organizations. The logs often contain tokens, cookies, and metadata which can be used to bypass multi-factor authentication methods.
It is currently unclear who is the owner of the leaked data, but some datasets were owned by criminals. A cybersecurity researcher clarified there was no centralized data breach at any of the major technology companies. However, this does not mean that none of the user logins were breached and leaked to the dark web. This discovery might signal that criminals are now abandoning previously popular methods of obtaining their stolen data. Basic cyber hygiene is now essential, such as using a password manager to generate strong, unique passwords.
Reference:
