24 billion records exposed in massive data leak

Cybernews researchers uncovered a massive 24 billion-record data leak on June 12, exposing one of the largest known aggregations of stolen credentials. The unprotected database, stored in an Elasticsearch cluster spanning 8.3 terabytes, contained usernames, email addresses, plaintext passwords, and the specific websites tied to each account, providing hackers with a direct roadmap for breaches. The leak was not a traditional corporate breach but rather a central repository for infostealer malware logs, which silently extract saved credentials, credit card details, and crypto wallet keys from infected devices. The data was collected from 36 distinct sources, including over 1.7 billion records harvested from hacking-oriented Telegram groups. Researchers noted the database was actively updated until its discovery, as it included a news article from February 2026. While the cluster has since been secured, the exposed credentials—stored in raw format—pose a serious risk of account takeovers, particularly for users without multi-factor authentication (MFA). Security experts warn of an imminent surge in credential-stuffing attacks, where automated bots test leaked password combinations across retail, banking, and social media platforms. The organized nature of the database suggests a sophisticated criminal operation, though the administrator remains unidentified. Cybernews emphasized the urgency for users to change compromised passwords and enable MFA to mitigate the threat. The leak underscores the growing dangers of infostealer malware, which spreads through corrupted files, infected PDFs, and pirated software.