A recent data breach has exposed over 16 billion login credentials from online platforms, including Apple, Google, Facebook, Telegram, and GitHub.

The Cybernews research team, which uncovered the leak, described it as one of the largest credential dumps ever recorded, with serious implications for online users, crypto security, and digital asset management.

16B Login Records Leaked in Alarming Wave of Fresh Malware-Based Breaches

According to researchers, the breach is not a single incident but a combination of datasets collected from infostealer malware, credential stuffing attacks, and previously unreported leaks.

Some of these datasets contained up to 3.5 billion entries on their own, with the average dataset holding around 550 million records. The researchers have been tracking the data since early 2024, uncovering at least 30 exposed sets, many of them never publicly disclosed before.

“This is not just a leak—it’s a blueprint for mass exploitation,” the Cybernews team stated.

“With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing,” they added.


The structure and recency of the data make the breach especially dangerous. Unlike older, recycled leaks, much of this data was harvested recently by modern info-stealing malware, posing an urgent crypto security threat to users.

The data typically includes login details organized by URL, along with associated usernames, passwords, cookies, and even tokens.

Some datasets point to specific services, such as Telegram, which was linked to a 60 million record dump.

Another, allegedly tied to the Russian Federation, held more than 455 million records. A number of entries also appear related to cloud services, government portals, and business accounts.

Most of the data was found in unsecured Elasticsearch databases and object storage instances. Though these were exposed for only a short period, it was long enough for researchers to copy the contents.

The origin of the datasets remains unclear, but experts believe that at least some were compiled by criminal actors.

Massive Credential Leaks Raise Alarm for Crypto Users Amid Dark Web Sales

At this scale, credential leaks are a direct threat to crypto security. Attackers can use the data for phishing scams, ransomware, business email compromise, and unauthorized access to crypto wallets and trading platforms.

Users without multi-factor authentication (MFA) are especially vulnerable.

“The inclusion of both old and recent infostealer logs—often with tokens, cookies, and metadata—makes this data particularly dangerous for organizations lacking multi-factor authentication or credential hygiene practices,” researchers added.

While the full number of people affected is impossible to determine due to overlapping records, the scale means even a small success rate could translate into millions of compromised accounts.

Crypto users, in particular, are advised to act quickly. Since wallet services and exchanges often rely on credentials linked to mainstream email providers or cloud services, any breach could lead directly to asset theft.

Cybernews stressed the importance of basic cyber hygiene. Users should change passwords immediately, turn on MFA wherever possible, and scan their devices for malware.

“There’s little impact users can have on the existence of these leaks,” the research team noted, “but staying proactive with your own security remains the best defense.”

At the time of reporting, no single actor has claimed responsibility for the leaked databases.

But with new datasets emerging every few weeks, researchers say this reflects a growing trend of sophisticated infostealer operations that threaten the entire crypto security ecosystem.

For now, the leak stands as a stark reminder of how exposed digital life can be and how quickly stolen credentials can turn into real-world consequences.


A recent incident underlines the point: threat actors on the dark web are allegedly selling personal data from users of major crypto exchanges Gemini and Binance, according to a March 27 report by cyber threat tracker Dark Web Informer.

A threat actor known as “AKM69” is claiming to offer 100,000 Gemini records, including names, emails, phone numbers, and location data, mostly from the U.S., U.K., and Singapore.

Another seller, “kiki88888,” listed 132,000 alleged Binance user records, though the source appears to be infostealer malware, not an exchange breach.

Though there’s no confirmed breach of the exchanges themselves, the incident shows the evolving threat to crypto security, with stolen credentials often repurposed for phishing, fraud, and wallet recovery scams.

The post 16 Billion Exposed Passwords Give Hackers Blueprint to Drain Wallets – Crypto Security Alert appeared first on Cryptonews.
