24 billion stolen credentials turned up in one exposed database
Researchers found an 8.3TB database of 24 billion credential records sitting open online. Most were fresh infostealer logs with plaintext passwords.
On 12 June, researchers at Cybernews found a publicly exposed database holding more than 8.3 terabytes of data: roughly 24 billion credential records, one of the largest single collections ever left open online. The server has since been taken down, but the data inside it has not gone anywhere.
Numbers this big tend to lose meaning, so here is what actually sat in the database. The bulk of it was infostealer logs: data quietly scraped from individual infected computers, often within the past few months. Many records were structured, with a username, an email address, a plaintext password and the exact login URL they belonged to. Not hashed. Not encrypted. The password, in the clear, next to the site it unlocks, which is everything an attacker needs to sign in without cracking anything.
Why fresh logs are worse than old breach dumps
Most mega-leaks are recycled. Old breaches get stitched together, the same email addresses appear again and again, and the passwords are years out of date. This one is different. It pulled from 36 sources, including Telegram channels trading stolen data, but it leaned heavily on recent infostealer output. Roughly 1.7 billion records came from hacking-focused Telegram channels alone, some of them dealing in stolen card data.
The detail that should worry people: the database also carried a layer of CVE vulnerability intelligence (catalogued, publicly known software flaws), which suggests whoever built it was not just hoarding logins. They were using it as a targeting tool, pairing a working login with a known flaw in the software behind it to pick where to attack next.
What this means for you
If you reuse passwords, this is the exact scenario that turns one leaked login into ten compromised accounts. Attackers feed a working email and password from a log like this into automated tools that try it everywhere: your email, your bank, your cloud storage. It is called credential stuffing, and it works because so many people use the same password in more than one place.
Start by checking whether your email address appears in known breaches at haveibeenpwned.com, a free service run by security researcher Troy Hunt. Then change any password you have reused, beginning with your email account, since that is the one attackers use to reset everything else. Turn on two-factor authentication wherever it is offered; an authenticator app or a hardware key is stronger than codes sent by SMS, but any second factor beats none. And if you are still keeping passwords in your head or a notes file, this is the week to move to a password manager so every account gets its own unique login.
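The two checks above can be scripted. Have I Been Pwned also runs Pwned Passwords, which lets you test a password without ever sending it: you hash it with SHA-1, send only the first five hex characters, and match the rest locally against the list that comes back (the k-anonymity range API). The script below, an added example that is not code from Cybernews, the Digest or Have I Been Pwned, does that check and also flags passwords reused across sites. The endpoint URL is the real one; the sample accounts, the hit count and the extra hash suffixes in the stand-in response are constructed so the example runs offline.

```python
"""Audit a few saved logins: flag passwords reused across sites and check each
against HIBP's Pwned Passwords k-anonymity range API. Only the first 5 hex
characters of the SHA-1 ever leave the machine. Sample data is constructed."""
import hashlib
from collections import defaultdict
from typing import Callable, Dict, List, Tuple
from urllib.request import Request, urlopen

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # real HIBP endpoint


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the uppercase hex SHA-1 into the 5-char prefix sent to HIBP and
    the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse a range response: one 'SUFFIX:COUNT' line per known hash.
    Padded responses (Add-Padding header) contain dummy suffixes with
    count 0; those are dropped so they can never be reported as hits."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep:
            continue
        n = int(count)
        if n > 0:
            counts[suffix.upper()] = n
    return counts


def fetch_range(prefix: str) -> str:
    """Live lookup against HIBP (not exercised by the offline sample)."""
    req = Request(RANGE_URL + prefix, headers={"User-Agent": "pw-audit-example"})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, fetch: Callable[[str], str] = fetch_range) -> int:
    """How many times the password appears in HIBP (0 = not seen)."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch(prefix)).get(suffix, 0)


def reused_passwords(accounts) -> Dict[str, List[str]]:
    """Map each password used at more than one site to the list of sites."""
    by_password: Dict[str, List[str]] = defaultdict(list)
    for site, _email, password in accounts:
        by_password[password].append(site)
    return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}


def audit(accounts, fetch: Callable[[str], str] = fetch_range) -> List[dict]:
    """One row per account: HIBP hit count plus the other sites sharing its password."""
    reused = reused_passwords(accounts)
    return [
        {
            "site": site,
            "pwned": pwned_count(pw, fetch),
            "reused_at": [s for s in reused.get(pw, []) if s != site],
        }
        for site, _email, pw in accounts
    ]


# Constructed sample in the shape the article describes: (login URL, email,
# plaintext password). All values are invented.
SAMPLE_ACCOUNTS = [
    ("https://mail.example.com/login", "alice@example.com", "password"),
    ("https://bank.example.net/signin", "alice@example.com", "password"),
    ("https://cloud.example.org/auth", "alice@example.com", "7Kq#vR2m!xLp9wZ"),
]

# Constructed stand-in for the HIBP reply to /range/5BAA6. The suffix for
# "password" is the real SHA-1 remainder (5BAA61E4...); the count and the
# other two suffixes are invented. The last line mimics a padding entry.
FAKE_RANGE_BODIES = {
    "5BAA6": "\n".join([
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
        "003D68EB55068C33ACE09247EE4C639306B:3",
        "1D2DA4053E34E76F6576ED1DA63134B5E2A:0",
    ]),
}


def fake_fetch(prefix: str) -> str:
    """Offline replacement for fetch_range using the constructed bodies."""
    return FAKE_RANGE_BODIES.get(prefix, "")


if __name__ == "__main__":
    for row in audit(SAMPLE_ACCOUNTS, fake_fetch):
        print(row)
```

To run it against the live service, call `audit(SAMPLE_ACCOUNTS)` without the fake fetcher; the only thing HIBP ever sees is a five-character hash prefix shared by hundreds of other passwords, which is why this check is safe to script. Run it on a machine you trust, not on one you suspect is infected.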
One more thing, because infostealers are the root of this. They land on a machine through cracked software, fake browser updates and malicious downloads, then harvest everything saved in the browser: not just passwords but also session cookies, which let an attacker walk straight into an account that is already logged in, two-factor or not. No password manager helps if the device itself is compromised, so keep your operating system and browser patched and be wary of anything promising free versions of paid software. If you suspect a machine was infected, clean it first, then change passwords and sign out of every active session from a clean device; resetting passwords on the infected machine just hands the stealer the new ones.
Stay one step ahead.
The Cybersecurity & Privacy Digest lands every Friday with the week's biggest threats and what to do about them. Subscribe free.