Unprecedented Data Breach Exposes 16 Billion Login Credentials: Major Brands Including Apple and Google at Risk

Cybersecurity experts have unearthed a “mysterious dataset” containing an astonishing total of 16 billion login details, making it one of the most significant data breaches ever recorded. A report highlights that this incident has affected numerous major tech corporations, including Apple, Facebook, and Google, along with the online platforms of various governments. The breach gave malicious actors brief yet unprecedented access to individual credentials, increasing the risks of account takeovers, identity theft, and phishing schemes.

Update: Telegram stated to Gadgets 360, “The primary login method for Telegram involves a one-time password sent via SMS. Therefore, this issue is significantly less relevant for Telegram users in comparison to other services where passwords remain constant.”

Massive Leak of Login Credentials

A report from CyberNews reveals that a large portion of the leaked database comprises information derived from credential stuffing sets, malicious stealer software, and recompiled leaks. Researchers say they have identified 30 compromised datasets since the start of the year, each containing from tens of millions to over 3.5 billion records, for an overall total of nearly 16 billion records discovered to date.

It is believed that malicious actors utilized infostealer logs to acquire this sensitive information. The breach has affected a wide array of companies, sectors, and nations. Prominent organizations including Apple, Facebook, Google, GitHub, and Telegram were among the major victims.

The breach impacted social media platforms, corporate networks, VPN services, developer sites, and governmental services across various nations. Moreover, it has been suggested that apart from one dataset, none of the data was found in earlier leaks, indicating that most of the information in this recent breach is new.

“What is particularly alarming is the organization and freshness of these datasets – these are not merely recycled old breaches. This represents new, operable intelligence at a large scale,” researchers were quoted as saying by the publication.

The leaked information was well-organized, with URLs paired with login details and passwords. The report suggests that this is a common tactic employed by malicious actors to obtain data. The smallest dataset reportedly contained over 16 million records, while the largest held more than 3.5 billion. On average, each dataset included around 550 million exposed credentials.

Some datasets bore generic titles, such as “credentials” or “logins,” while others referenced the specific services from which the data was extracted. For instance, researchers found one dataset named after Telegram that included 60 million entries.

The report indicates that all datasets were visible only briefly, but long enough for cybersecurity experts to notice them. They were accessible via object storage instances or unsecured Elasticsearch setups, but the identities of those controlling the 16 billion records remain unclear.

Researchers contend that data breaches of such magnitude could be utilized by malicious actors for launching phishing operations, achieving account takeover, executing ransomware attacks, and conducting business email compromise (BEC) schemes.
