Latest news with #Elasticsearch


Ya Libnan
19 hours ago
16 billion passwords exposed in record-breaking data breach
Several collections of login credentials reveal one of the largest data breaches in history, totaling a humongous 16 billion exposed login credentials. The data most likely originates from various infostealers.

This story, based on unique Cybernews findings and originally published on the website on June 18, is constantly being updated with clarifications and additional information in response to public discourse. The most recent version of the article features comments from Cybernews researcher Aras Nazarovas and Bob Diachenko, who unveiled this recent data leak. We've also added a few screenshots as proof of the leak.

Unnecessarily compiling sensitive information can be as damaging as actively trying to steal it. For example, the Cybernews research team discovered a plethora of supermassive datasets, housing billions upon billions of login credentials. From social media and corporate platforms to VPNs and developer portals, no stone was left unturned.

Our team has been closely monitoring the web since the beginning of the year. So far, they've discovered 30 exposed datasets containing from tens of millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records.

None of the exposed datasets were reported previously, bar one: in late May, Wired magazine reported a security researcher discovering a 'mysterious database' with 184 million records. It barely scratches the top 20 of what the team discovered. Most worryingly, researchers claim new massive datasets emerge every few weeks, signaling how prevalent infostealer malware truly is.

'This is not just a leak – it's a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing. What's especially concerning is the structure and recency of these datasets – these aren't just old breaches being recycled. This is fresh, weaponizable intelligence at scale,' researchers said.

The only silver lining here is that all of the datasets were exposed only briefly: long enough for researchers to uncover them, but not long enough to find who was controlling vast amounts of data. Most of the datasets were temporarily accessible through unsecured Elasticsearch or object storage instances.

Researchers claim that most of the data in the leaked datasets is a mix of details from stealer malware, credential stuffing sets, and repackaged leaks. There was no way to effectively compare the data between different datasets, but it's safe to say overlapping records are definitely present. In other words, it's impossible to tell how many people or accounts were actually exposed.

However, the information that the team managed to gather revealed that most of the information followed a clear structure: URL, followed by login details and a password. Most modern infostealers – malicious software stealing sensitive information – collect data in exactly this way.

Information in the leaked datasets opens the doors to pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services. It's hard to miss something when 16 billion records are on the table.

According to the researchers, credential leaks at this scale are fuel for phishing campaigns, account takeovers, ransomware intrusions, and business email compromise (BEC) attacks. 'The inclusion of both old and recent infostealer logs – often with tokens, cookies, and metadata – makes this data particularly dangerous for organizations lacking multi-factor authentication or credential hygiene practices,' the team said.

The datasets that the team uncovered differ widely. For example, the smallest, named after malicious software, had over 16 million records. Meanwhile, the largest one, most likely related to the Portuguese-speaking population, had over 3.5 billion records. On average, one dataset with exposed credentials had 550 million records.

Some of the datasets were named generically, such as 'logins,' 'credentials,' and similar terms, preventing the team from getting a better understanding of what's inside. Others, however, hinted at the services they're related to. For example, one dataset with over 455 million records was named to indicate its origins in the Russian Federation. Another dataset, with over 60 million records, was named after Telegram, a cloud-based instant messaging platform.

While naming is not the best way to deduce where the data comes from, it seems some of the information relates to cloud services, business-oriented data, and even locked files. Some dataset names likely point to a form of malware that was used to collect the data.

It is unclear who owns the leaked data. While it could be security researchers that compile data to check and monitor data leaks, it's virtually guaranteed that some of the leaked datasets were owned by cybercriminals. Cybercriminals love massive datasets as aggregated collections allow them to scale up various types of attacks, such as identity theft, phishing schemes, and unauthorized access. A success rate of less than a percent can open doors to millions of individuals, who can be tricked into revealing more sensitive details, such as financial accounts.

Worryingly, since it's unclear who owns the exposed datasets, there's little users can do to protect themselves. However, basic cyber hygiene is essential. Using a password manager to generate strong, unique passwords, and updating them regularly, can be the difference between a safe account and stolen details. Users should also review their systems for infostealers, to avoid losing their data to attackers.

With a dataset containing 16 billion passwords, that's equivalent to two leaked accounts for every person on the planet. We don't really know how many duplicate records there are, as the leak comes from multiple datasets.

However, some reporting by other media outlets can be quite misleading. Some claim that Facebook, Google, and Apple credentials were leaked. While we can't completely dismiss such claims, we feel this is somewhat inaccurate.

Bob Diachenko, a Cybernews contributor, cybersecurity researcher, and owner of is behind this recent major discovery.


Time of India
a day ago
How to secure your Google account after the 16 billion passwords leaked: complete guide for online safety
How to secure your Google account: complete guide following massive data breach

A major cybersecurity event has exposed over 16 billion login credentials, according to researchers at Cybernews. The leaked data, uncovered across 30 previously unreported datasets, includes a mix of login details, cookies, tokens, and session metadata gathered via infostealer malware. This breach impacts access to platforms such as Google, Apple, Facebook, GitHub, and Telegram.

While there's no confirmation of a centralized breach at Google or other major companies, credentials tied to their login portals were discovered in the leaked logs. The following sections outline how to secure your Google account and minimize risk in light of this data exposure.

Understanding the Google account risk from the credential leak

According to Cybernews researchers, the leak was not sourced from a direct breach of Google's systems. Instead, it comprises credentials extracted from infostealer logs, which frequently include Google login URLs. Bob Diachenko, a contributor to Cybernews, stated, 'There was no centralized data breach at any of these companies,' but added, 'Credentials we've seen in infostealer logs contained login URLs to Apple, Facebook, and Google login pages.'

The exposed records were found in unsecured storage instances such as Elasticsearch and object storage buckets. Datasets ranged in size, from 16 million to over 3.5 billion records, with some logs containing naming conventions suggesting ties to services or specific malware.

The information structures were consistent: URL, followed by username and password. This setup aligns with how most modern infostealers operate. Some datasets also included session tokens and cookies, which may allow attackers to bypass password changes and even two-factor authentication (2FA).

Steps to secure your Google account immediately

To protect your Google account in the aftermath of this breach, take the following proactive measures:

1. Change your Google account password – Use a strong, unique password created via a trusted password manager.
2. Enable Google 2-Step Verification (2FA) – Add an extra layer of security by using Google Authenticator or a security key.
3. Revoke unrecognized devices – Visit your Google Account security settings and sign out from unfamiliar devices.
4. Clear existing cookies and sessions – Since some datasets include valid session tokens, clearing cookies can help prevent session hijacking.
5. Monitor your Google Account activity – Use Google's 'Recent Security Events' page to track logins and detect anomalies.
6. Run antivirus and malware scans – Detect and remove any infostealer malware that could be compromising your device.

These steps align with guidance from Cybernews researchers, who note, 'Some of the exposed datasets included information such as cookies and session tokens, which makes the mitigation of such exposure more difficult.'

Credential leak extends to Google and other major platforms

Though the datasets vary in origin, the scope and scale suggest a widespread data collection operation tied to infostealer malware. Researchers highlight that the inclusion of both old and recent logs indicates the data is 'fresh, weaponizable intelligence at scale.'

Most datasets contained unverified credentials, but many included login data for services such as Google. The naming of some logs, like those referencing Telegram or suggesting Russian origins, provided additional context, though not definitive sources.

According to Cybernews researcher Aras Nazarovas, this shift toward centralized infostealer databases could indicate a change in criminal behavior. 'The increased number of exposed infostealer datasets in the form of centralized, traditional databases... may be a sign that cybercriminals are actively shifting from previously popular alternatives such as Telegram groups,' he said.

Preventing future exposure of Google credentials

As attackers continue to refine data-harvesting methods, users must adopt strict credential hygiene. That includes:

1. Using password managers to avoid credential reuse.
2. Enabling 2FA across all major services.
3. Regularly auditing account permissions and third-party app access.
4. Monitoring accounts with automated breach detection services.

Despite uncertainty about the total number of unique users impacted, the discovery of 16 billion credentials, nearly two for every person on Earth, makes ongoing vigilance essential.

As Diachenko confirmed, 'Credentials we've seen in infostealer logs contained login URLs to Apple, Facebook, and Google login pages.' Though no centralized Google breach occurred, compromised credentials from Google users have been exposed.

FAQs

1. How do I secure my Google account after a password breach?
To secure your Google account after a password breach, immediately change your password to a strong, unique one using a password manager. Enable 2-Step Verification (2FA), review recent account activity, sign out from unfamiliar devices, and clear cookies and session data to block unauthorized access.

2. Was my Google account affected by the 16 billion password leak?
While there's no evidence of a direct breach of Google, credentials linked to Google login pages were found in infostealer logs. You can check if your Google account was exposed by using tools like Google's Security Checkup or third-party services such as Have I Been Pwned.

3. What steps should I take to prevent Google account hacks in the future?
To prevent future Google account hacks, use a unique password for each account, enable two-factor authentication, avoid clicking on suspicious links, and regularly monitor login activity. Keeping your browser and devices free of malware is critical to stopping infostealers before they access credentials.

4. Are Google login credentials safe after the massive 2025 data leak?
Google's infrastructure remains secure; however, some user credentials were compromised through malware-stealing tactics. Even without a direct Google data breach, it's essential to assume risk and secure your Google account promptly by updating passwords and enabling 2FA.


Daily Record
a day ago
Apple, Facebook and Google passwords leaked as 16 billion exposed in monster data breach
Billions of passwords linked to Apple, Facebook, Google and more have been leaked in what experts call the biggest data breach ever

A staggering 16 billion login credentials have been leaked online in what researchers are calling the largest data breach in history. Usernames and passwords linked to major platforms such as Apple, Facebook, Google, and even government services have been exposed.

The breach, reported by Forbes, has triggered urgent warnings from both Google and the FBI. Google has urged billions of users to update their passwords, while the FBI is advising the public to remain vigilant, particularly about suspicious links in SMS messages.

Researchers from cybersecurity site Cybernews who are investigating the breach say it consists of 30 exposed datasets, each containing anywhere from tens of millions to over 3.5 billion records. All but one of these datasets are newly discovered, meaning the vast majority of the information is fresh and has not previously been reported as compromised.

The Cybernews researchers said the monster data breach was "not just a leak" but actually "a blueprint for mass exploitation."

They added: "With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing.

"What's especially concerning is the structure and recency of these datasets – these aren't just old breaches being recycled. This is fresh, weaponisable intelligence at scale."

The leak is believed to be the result of a mix of sources, including credential stuffing lists, stealer malware, and repackaged past leaks. Much of the data was temporarily accessible via unsecured Elasticsearch or object storage instances, making it briefly visible to researchers before vanishing again.

Although it's impossible to calculate the exact number of affected individuals due to overlapping records, the breach has revealed a familiar structure: URLs followed by usernames and passwords, the same format typically collected by modern infostealers.

The leaked credentials give potential attackers access to a wide range of online services, from big-name platforms like Apple, Facebook, Google, and Telegram to critical government portals and developer tools like GitHub.

Some of the datasets were named generically, with terms like 'logins' or 'credentials', making it difficult for investigators to determine their origins. However, others were more specific. One dataset containing over 455 million records was linked to the Russian Federation, while another, with more than 60 million entries, appeared to be sourced from Telegram.

The largest of the datasets, which alone contains over 3.5 billion records, appears to be tied to a Portuguese-speaking population, according to Cybernews. On average, each of the 30 datasets includes around 550 million records.

While the datasets were only available for a short period, experts warn the consequences could be long-lasting. Leaks of this scale provide fertile ground for phishing campaigns, ransomware attacks, account takeovers and business email compromise (BEC) attempts.

Security experts strongly advise the public to take precautions: avoid reusing passwords, invest in reputable password management tools, and stay alert to signs that their accounts may have been compromised.


Indian Express
a day ago
Cybersecurity nightmare: More than 16 billion passwords leaked in unprecedented data breach
Cybersecurity researchers are claiming that they recently came across a massive database comprising more than 16 billion usernames and passwords, making it the largest data breach of all time. According to a new report from Cybernews, these leaked passwords were likely collected by cybercriminals who used various infostealing malware to steal usernames and passwords. As it turns out, these login credentials were gathered from social media, corporate platforms, VPNs, developer portals and more.

The researchers claim that they came across 30 exposed datasets of various sizes, which contained anywhere between tens of millions and more than 3.5 billion records with accounts from Google, Apple, Facebook, GitHub, Telegram and more. The report also claims that 'none of the exposed datasets were reported previously,' except for the one reported by Jeremiah Fowler, which contained more than 184 million passwords.

'This is not just a leak – it's a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing. What's especially concerning is the structure and recency of these datasets – these aren't just old breaches being recycled. This is fresh, weaponizable intelligence at scale', added researchers.

These newly discovered datasets were only exposed online for a brief period of time, via unsecured Elasticsearch and object storage instances, which was long enough for security researchers to uncover the datasets, but not to learn who controlled them.

The publication says that the majority of data leaked in the datasets contains 'a mix of details from stealer malware, credential stuffing sets and repackaged leaks.' And while there is no way to compare these datasets, they likely contain at least some duplicated information. This makes it hard to determine how many people were affected by the data breach.

However, most of the data in these datasets followed a particular pattern, containing a URL followed by a username and a password. To those unaware, this is exactly how infostealing malware collects information and sends it to threat actors.

The researchers also found that these huge datasets containing usernames and passwords are often used for phishing campaigns, ransomware intrusions, business email compromise and account takeovers. These exposed datasets also included tokens, cookies and metadata, which makes them dangerous for companies and services that lack multi-factor authentication. Also, some of these were simply named 'logins' and 'credentials'.

If you think your system is infected by infostealing malware, make sure to install a known antivirus and run a thorough security scan to remove it. Users can also make use of Google One's 'Dark Web Report' feature, which lets you check if your personal information has been leaked as part of a data breach or is available on the dark web. Also, make sure that you refrain from using common passwords like '12345678' and 'password' and instead use a combination of numbers and letters to keep your account secure.

To give you a quick recap, datasets containing billions of passwords have previously found their way onto the internet. Last year, researchers came across what they called the Mother of All Breaches, which contained more than 26 billion records.


Mint
2 days ago
16 billion logins discovered in 'one of the largest data breaches in history,' including Apple accounts
Security researchers have uncovered what appears to be "one of the largest data breaches in history," containing over 16 billion logins that include Apple accounts. The researchers told Cybernews that the stolen data provides cybercriminals 'unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing'.

In May, Wired reported the presence of a "mysterious database" containing 184 million records. These were found to be sitting unprotected on a web server. The latest research highlights that the database might just be the tip of the iceberg.

As of now, the researchers have uncovered 30 datasets, with each of them containing up to 3.5 billion records. The information, which includes social media and VPN logins as well as corporate and developer platforms, is contained in datasets that have been uncovered since the start of 2025.

'Blueprint for mass exploitation'

The researchers told Cybernews that it is not just a leak, but a "blueprint for mass exploitation". They have pointed out that a concerning aspect here is the "structure and recency of these datasets," adding that these were not old breaches getting recycled. "This is fresh, weaponizable intelligence at scale," they said.

The information in the leaked datasets opens gates towards several online services, such as Apple, Facebook, Google, GitHub, Telegram as well as various government services, the report said. Researchers suggest that credential leaks at this scale can work as fuel for phishing campaigns, account takeovers and business email compromise (BEC) attacks.

This data was found to be neatly compiled, with different URLs, usernames and passwords indexed and presented all together. One of the datasets, having more than 455 million records, was named to "indicate its origins in the Russian Federation," while another one, having more than 60 million records, was named after Telegram.

The report added that most of these were "temporarily accessible" via unsecured Elasticsearch or object storage instances.

FAQs

1. How to protect yourself from data breaches?
A highly recommended option is two-factor authentication (2FA). Here, the password is the first factor, while the second could be your authenticator app, passcode, phone call or other methods.

2. Can we reuse old passwords?
Cyber experts suggest people should avoid using old passwords again, especially for social media apps and making digital payments. Individuals should also consider deleting unused accounts.