What’s believed to be the single biggest data breach ever – a massive 16-billion records – has been exposed.
Investigators at Cybernews, which uncovered the breach, believe the records are scattered across 30 different databases, and some records are or might be overlapping.
Importantly, this is not old or recycled data, but mostly recent and probably collected from various infostealers.
Cybernews reports that discovery of the password trove is the result of months of investigations. So far, the team has identified 30 exposed datasets. These datasets contain anything from tens of millions to more than 3,5-billion records each – for a total of 16-billion records.
“Cybercriminals now have unprecedented access to personal credentials and could exploit them for account takeovers, identity theft, and targeted phishing attacks,” the report states.
They believe that most of the data in the leaked datasets is a mix of details from stealer malware, credential stuffing sets, and repackaged leaks.
Peter Mackenzie, director of incident response and readiness at Sophos, comments: “While you’d be right to be startled at the huge volume of data exposed in this leak it’s important to note that there is no new threat here. This data will have already likely have been in circulation. These data sets are an amalgamation of information.
“What we are understanding is the depth of information available to cyber criminals. If you are concerned about your data being involved then using a service like https://haveibeenpwned.com/ can help you to check,” he says.
“Crucially, it is an important reminder to everyone to take proactive steps to update passwords, use a password manager and employ multifactor authentication to avoid credential issues in the future.”