24B Records Exposed in Massive Leak of Emails, Passwords, and Login Data
A massive collection of stolen login credentials containing roughly 24 billion records was briefly exposed online, according to cybersecurity researchers at Cybernews. Researchers say the publicly accessible Elasticsearch cluster contained usernames, email addresses, plaintext passwords, and login URLs linked to a wide range of online services. The database was taken offline after its discovery, but the scale of the collection has raised concerns about how much stolen credential data is circulating within cybercriminal ecosystems. While it’s unclear who assembled the database or how many unique victims are represented, the findings highlight a growing problem: infostealer malware and credential reuse continue to provide attackers with vast quantities of account data that can be weaponized long after an initial compromise. What was inside the database According to Cybernews, the exposed system reportedly contained a mix of data types, but the majority appeared to be infostealer logs, records captured by malware designed to extract sensitive information from infected devices. These logs typically include usernames, passwords, browser-stored credentials, and sometimes session data or tokens. Researchers also found that many …
