Data from various Infostealers

16 billion login details: the data theft that nobody knew about


Several collections of login data reveal one of the largest data thefts in history. As Cybernews reports, a total of 16 billion login credentials were exposed. The data most likely originated from various infostealers.

Collecting confidential information unnecessarily can be just as damaging as actively trying to steal it. For example, the Cybernews research team discovered a large number of huge data sets containing billions and billions of login credentials. From social media and corporate platforms to VPNs and developer portals – everything was investigated.


So far, 30 exposed data sets have been discovered, each containing tens of millions to over 3.5 billion data records. In total, the researchers uncovered the incredible number of 16 billion data records.

None of the exposed data records had been reported before, except for one: at the end of May, Wired magazine reported on the discovery of a “mysterious database” containing 184 million data records by a security researcher. This is just a small sample of the top 20 records discovered by the team. What is particularly worrying is that researchers claim that new huge data sets appear every few weeks, which shows how widespread infostealer malware really is.

“With over 16 billion credentials exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeovers, identity theft and targeted phishing. Of particular concern is the structure and timeliness of these data sets – these are not simply old data leaks that are being recycled. This is new, weaponized information on a large scale,” the researchers said.


The only bright spot is that all data sets were only exposed for a short time: long enough to be discovered by researchers, but not long enough to find out who was in control of the huge amounts of data. Most of the datasets were temporarily accessible via unsecured Elasticsearch or object storage instances.

What do the billions of disclosed data records contain?

The researchers claim that most of the data in the leaked datasets is a mix of details from stealer malware, credential stuffing sets and repackaged leaks.

There was no way to effectively compare the data between the different data sets, but it is safe to say that there is definitely overlap. In other words, it’s impossible to say how many people or accounts were actually compromised.

Image source: cybernews

The information in the leaked records opens the doors to pretty much every online service imaginable, from Apple, Facebook and Google to GitHub, Telegram and various government services. It’s hard to miss anything when there are 16 billion records on the table.

According to the researchers, data leaks of this magnitude are the fuel for phishing campaigns, account takeovers, ransomware attacks and BEC (Business Email Compromise) attacks.

Which data set contained billions of credentials?

The data records that the team uncovered are very different. The smallest, named after a piece of malware, for example, contained over 16 million data records. In contrast, the largest dataset, which probably relates to the Portuguese-speaking population, contained over 3.5 billion data records. A data set with disclosed login data contained an average of 550 million data records.

Some of the records had generic names such as “logins”, “credentials” and similar terms that did not allow the team to better understand the content. Others, however, referred to the services to which they were linked.

For example, a data set with over 455 million data records was named after the Russian Federation. Another data set with over 60 million data records was named after Telegram, a cloud-based instant messaging platform.

(ds/cybernews)
