Tag Archives: LinkedIN

Sci-Tech

24 Billion Credentials Leaked In Database- Are Yours Included?

2 Comments

24 billion records, including usernames and passwords were just exposed in colossal data leak.

24 billion records data leak
Image by Cybernews.

Cybernews researchers discovered an exposed database containing 24 billion records, including usernames, email addresses, plaintext passwords, and login URLs. The data appears to come from infostealer malware logs, records stolen from infected devices and collected from Telegram channels, breach compilations, and other sources.

Key takeaways:

  • Cybernews researchers found an exposed Elasticsearch cluster containing 24 billion records and more than 8.3TB of data.
  • Most records appear to be infostealer logs, including usernames, emails, passwords, and login URLs.
  • The data came from 36 sources, including Telegram channels, breach compilations, and large “collections.”
  • Researchers cannot yet confirm how many records are duplicates or how many unique people were affected.
  • The database is no longer publicly exposed, but reused passwords may still put accounts at risk.

While data leaks spilling millions of records have become the norm, one involving 24 billion records, including usernames and passwords, is something else. That’s why the Cybernews research team had to triple-check their findings after uncovering over 8 terabytes of data exposed online.

Our team discovered what is likely to be one of the largest databases ever exposed on June 12th. The vast majority of the 24 billion exposed records, our researchers believe, were infostealer logs. In other words, stolen usernames, passwords, and services that these credentials were supposed to grant access to.

“The credential data leak is dangerous simply because of its enormous size. Since the data leaked online, billions of affected accounts are at serious risk of takeovers, especially if they are not protected with multi-factor authentication,” the team explained.

infostealer data sample
Infostealer log document example. Image by Cybernews.

What did the 24 billion record data leak reveal?

The records our team uncovered were stored on a publicly available Elasticsearch cluster, a group of interconnected search servers. The total volume of information in the cluster exceeded 8.3 terabytes.

Nearly all exposed records were infostealer logs, data collected by malicious software that steals sensitive information. According to the team, the logs revealed login credentials in raw format, with each login detail saved separately, including email addresses, usernames, and passwords in plaintext.

infostealer data sample2
Document counts from different sources. Image by Cybernews.

Additionally, researchers identified URLs that the leaked credentials are supposed to grant access to, as well as the source of the logs.

The exposed credentials came from 36 distinct sources, varying from Telegram channels to combined data collections of previous data breaches and datasets exported directly from live target servers.

Which Telegram channels are involved in the data leak?

For example, over 1.7 billion records supposedly came from various Telegram channels. All channels appear to be involved in cybercrime, with a focus on stolen credentials and data breaches.

Most of the 36 data sources, over 30, are Telegram channels with a number of records ranging from hundreds of millions of exposed records to a few thousand. While most of the channels were in English, some were in Russian.

To avoid advertising Telegram channels that contain stolen credentials, we will not mention their names. However, most of the Telegram-based records were supposedly taken from hacking-related channels.

infostealer logs sources

Another category of Telegram channels includes access to stolen credit card data, with one channel apparently dedicated to sharing this information.

Interestingly, nearly 260 million records came from Telegram channels with “Darkside” in the title. Several years ago, Darkside was among the most prolific ransomware groups. The gang infamously attacked the Colonial Pipeline, causing fuel supply disruption on the US East Coast.

Billions of records in unknown “collections”

A staggering 22.6 billion records supposedly came from what the data owner named “collections.” These records could come from various infostealer collections previously leaked online, or they may indicate that the records are grouped by the services they are supposed to provide unauthorized access to.

Since the data was taken out of public view soon after the discovery, researchers could not further investigate the origin of the information within the so-called “collection” source.

The same reason prevented the team from deducing exactly which service providers were exposed. However, given the colossal number of records involved, it’s highly likely that they reveal access to services with very large user bases.

The team also noticed a source with 150 million records named “local database dumps.” Records from this source likely indicate they were exported directly from live target servers. Local database dumps typically involve downloading the contents of a certain database on a user device.

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands Check now by clicking the red box:

Check if your data has been leaked

In this particular case, “local data dumps” could mean the person running the server uploaded records to the collection themselves, or that they got the data from other sources.

“Additionally, records contained file names from where they were imported. In total, there were at least 195 distinct file names. Some of them indicated that the credentials in question came from the AntiPublic collection and what kind of accounts they include,” our researchers said.

AntiPublic collection is a stealer log combo list that first appeared in 2016 and contained around 600 million records. The AntiPublic-related information in the leak categorized credentials in the AntiPublic collection. For example, some files contained logins to only adult content services or only to streaming platforms.

Another 146 million records came from a source named “breach compilation combo” and most likely contain information from past data breaches that exposed user credentials. Attackers favor exploiting information from past breaches, since users often reuse credentials and rarely change passwords.

The source with the smallest number of records was named “Redline stealer” and only contained 27 records. RedLine stealer is a common infostealer that operates as a malware-as-a-service (MaaS), allowing low-skilled attackers to participate in cybercrime.

Owner interested in news articles and social media posts

Interestingly, our researchers found a small subset of data, around 17,000 records, containing information that’s rarely seen in data leaks. For example, over 9,500 documents contained CVE (Common Vulnerabilities and Exposures) IDs and descriptions, along with corresponding GitHub repository URLs.

One of the vulnerabilities identified in the exposed cluster involved a Valhall GPU Kernel Driver issue.

Moreover, over 5,200 documents contained logs of news articles related to recently occurred data breaches with article URLs, their contents, and short descriptions. One of the news articles was published as recently as February 2026 and covered a supply chain attack targeting the Python Package Index (PyPI) repository.

Another 2,900 documents were logs of social media posts related to cybersecurity incidents. One of the posts our team saw discussed operational details of the Babuk ransomware from 2021.

All of this points to the data owner actively monitoring the cybersecurity landscape, with a likely intent to update their vast collection of credentials with records from the latest data breaches and data leaks.

The known unknowns

While we are confident the data leak our team has uncovered indeed contains a whopping 24 billion records, there are limitations to what we know about the data inside the now-closed Elasticsearch cluster.

For one, the team had limited time to investigate the data leak, which prevented us from delving deeper into the types of information that may have been included in the “Collections” source.

Moreover, we cannot confidently estimate how many duplicates were included in the leak, leaving the potential number of exposed individuals a guessing game. However, it would hardly be a surprise that a data leak involving 24 billion records would affect more than a few online accounts.

At this point, we’re also unable to accurately say how old or new the leaked data is. Based on the February, 2026 news article contained in the data leak, it appears the data’s owner regularly updates the cluster with new information.

We also do not know who the data owner is, or why anyone would hoard so much data. Our team believes that “both a company and an individual threat actor could be collecting such information for various purposes.”

“Companies could collect this data for a monitoring service or a security check service, and threat actors could be collecting this data to aid in discovering fresh exploits to help them with data breaches,” our researchers said.

Meanwhile, our team believes that when it comes to historic data leaks, hoarding everything is the way to go.

“Why wouldn’t they hoard so much data? When it comes to historical leaked data and information on exploits and attacks, the more information you have, the better, as it allows for better insights, and helps detect more relevant compromised accounts, and ways that a given target could be breached,” the team explained.

What should you do now to protect your data?

To keep yourself safe, it’s important to be proactive and take some simple but crucial precautions. Users should change reused passwords as soon as possible, starting with key accounts like emails social media cloud storage, and banking.

Enabling multi-factor authentication where possible and using password manager to create strong and unique passwords is also a good idea. Users should also be weary of phishing messages that, in some cases, may advertise assistance to check whether user data was exposed.

Meanwhile, a few smart habits and tools can go a long way in protecting your personal data agains infostealers and making it much harder for threat actors to get a hold of it.

  • Use a VPN when you’re on public Wi-Fi. It will help keep your connection secure and private.
  • Be careful about clicking on links or downloading attachments from emails or messages you weren’t expecting or don’t trust.
  • Keep your apps and operating systems updated on all devices since updates often include important security fixes.
  • Turn on two-factor authentication (2FA) whenever it’s available for an extra layer of authentication.
  • Only download apps and software from official stores or trusted websites to avoid fake or infected versions.

Strong password generator

Upgrade the security of your online accounts.

Create strong passwords that are completely random and impossible to guess.

Strong Password Generator

Create a secure, random password instantly.

Leaking billions of records is becoming the norm

Unfortunately, datasets with billions of records are more often left publicly accessible. Earlier this year, our team discovered another exposed Elasticsearch cluster that contained over 160 indices, holding 8.7 billion of primarily Chinese records, ranging from national citizen ID numbers to various business records.

Meanwhile, last December, our team found a database with 4.3 billion records, some of which included LinkedIn-derived personal information. The 16TB-strong instance contained emails, photos, employment histories, and other personal data. A single collection alone contained 732 million records, including photographs.

In July 2025, Cybernews researchers uncovered one of the largest data leaks in history after discovering several collections of login credentials, containing a total of 16 billion records. The team found 30 exposed datasets, each containing tens of millions to more than 3.5 billion records.

However, the only data leak comparable to the recent discovery is the one our team found back in 2024. The supermassive leak contained data from numerous previous breaches, comprising an astounding 12 terabytes of information spanning over 26 billion records.

For the Silo, Vilius PetkauskasVilius Petkauskas/cybernews.com

Featured image- cartoonistgroup.com/ Creators Syndicate Mike Luckovich

Travel

Vacate The Seatback SKY2BUY Is The New ‘Mall in the Sky’

Leave a comment

Scott Jordan
Scott Jordan

After a difficult bankruptcy auction process, the purchase of SkyMall’s brand name was announced last Friday, March 27th. The new owners paid $1.9 million for the well-known brand. The purchase price, however, didn’t include any assurances from the airlines that the catalog will be put on their planes. In fact, all prior agreements with the airlines are void. One fact is clear: SkyMall no longer has a monopoly to sell in the skies. Scott Jordan, CEO and Founder of multi-pocket clothing company, SCOTTeVEST, has been both a supporter of getting SkyMall back onto planes and a critic of the mismanagement that landed SkyMall into bankruptcy in the first place. Jordan was the most vocal during the auction process and many assumed he would be the winning bidder for SkyMall.

He explains why he let the SkyMall name go to another party: “At the most basic level, there are two things required to make SkyMall work: a catalog and placement of that catalog on airplanes. Producing a catalog is easy. The only way to get a catalog onto airplanes is with the cooperation of the airlines. SkyMall allowed every airline contract to lapse and, despite my best efforts, we were unable to come to terms with the airlines before the bankruptcy auction,” Jordan explains. “By losing the agreements with the airlines, SkyMall’s previous management team lost their monopoly on in-flight shopping. Since I didn’t like their business model, I chose not to submit a bid. I didn’t believe that the name alone was worth it.”

Sky 2 Buy

About six weeks ago when SkyMall declared bankruptcy, Jordan was quick to jump to the forefront of the public discussion with a series of widely read articles on LinkedIn and many press mentions, including an appearance on CNBC’s Closing Bell. Due diligence quickly uncovered that all of SkyMall’s contracts with airlines – the foundation of the entire business- had lapsed. Jordan insists that the concept of in-flight shopping is still valuable — if and when a brand can get back on airplanes. And, that is exactly what he hopes to do.

Introducing SKY2BUY: Your New Mall in the Sky, Inspired by Duty Free Shops Jordan’s new new venture is SKY2BUY. It will be in planes in test markets in the U.S. in June or July of this year and plans to become the go-to source for in-flight shopping. Jordan’s emphasis is on creating a high-end travel magazine with shopping opportunities instead of a kitsch-filled catalog. Brands that cater to travelers — like Jordan’s own SCOTTeVEST — will be featured. In addition to shopping, SKY2BUY will include editorial content of interest to travelers. Rather than developing a stand-alone publication, Jordan’s SKY2BUY will be a special advertising section in airline magazines that are already onboard every flight. The model is simple: reward travelers with massive discounts (just like a Duty Free Shop) based on shopping while traveling. Fliers already flip through in-flight magazines and SKY2BUY will provide added incentives to reach into the seatback pocket. Cooperating with in-flight magazines is a sound cost-saving measure. Whereas SkyMall paid over $350K annually to each airline just for fuel surcharges, SKY2BUY will be integrated into the print materials already found on board. This efficiency both reduces the amount of print materials on each flight and makes SKY2BUY’s discounting model possible. This is just one example of cost-cutting to be implemented by SKY2BUY intended to pass savings to the consumer and profits to the airlines.

What to Expect from SKY2BUY Shoppers will always be able to make purchases from SKY2BUY, but only travelers are eligible for the discounts. One is considered a SKY2BUY traveler when (s)he is in an airport, on an airplane or has arrived at his or her destination within the past 24 hours. This is verified electronically by geo-tagged locations or by entering a flight confirmation number. A traveler’s boarding pass acts as a ticket to savings. This unique, location-based model rewards travelers who shop during/immediately after travel. SKY2BUY’s discounting concept is similar to a duty-free shop. A shopper can buy the same goods elsewhere, but it is only while traveling that the discounts are available. SkyMall cited the increased use of electronic devices in-flight as a reason for decreased interest in their catalog. SKY2BUY will address this challenge by offering tech-savvy fliers free in-flight apps to encourage immediate purchases, as well as partnerships with in-flight wi-fi providers to provide free wi-fi for purchases made on SKY2BUY. As a former SkyMall advertiser, Jordan’s company SCOTTeVEST was frustrated by the amount of time from when a customer placed an order and when SCOTTeVEST received the order from SkyMall so they could fulfill it. SKY2BUY’s customers will purchase directly from advertisers. By removing the middle-man, advertisers will receive order information in real time, thus enabling them to provide a better customer experience. In some cases, orders will be available upon landing at the shopper’s destination. The elimination of the middle-man will not only make things faster, it will also remove an unnecessary layer of costs. “Realize that you forgot a tie for that big meeting? Turn to SKY2BUY. Left your sunscreen at home? There’s an outdoor excursion kit waiting for you at your destination,” explains Jordan.

The Content SKY2BUY will dial up the entertainment aspect that made SkyMall enjoyable by embracing creative content and making it more than just a catalog. Because all travelers are going from one location to another, there is a shared experience. SKY2BUY plans to build on that experience, offering gadgets and travel aids… not alien butler statues or dragon bookends. Travel should be enjoyable and SKY2BUY’s product selection will be curated to combat in-flight boredom and encourage shopping by providing items that are relevant to travelers. The focus on travel-related items and purchasing directly from advertisers should take care of the low conversion rates that contributed to the demise of SkyMall. Focusing on conversion rates comes naturally to Jordan after years running the highly successful, ecommerce company SCOTTeVEST. He understands the importance of creating content the resonates with customers. A small sampling of planned sections in SKY2BUY’s initial 16-page spreads include:

  • Travel gear and Luggage
  • Gadgets
  • Food and Drink
  • Fashion
  • Auto-Related Items

Just as most airline magazines are updated monthly, SKY2BUY will be refreshed on the same schedule, ensuring that readers always have something new to peruse – and buy – while in transit.

Sky 2 Buy

The App While most customer’s first experience with SKY2BUY will be in print form, SKY2BUY is developing a sophisticated, user-friendly app. It will be available as a free download prior to take-off (without having to pay for wifi). Travelers can then shop while they are in the air. Purchases will automatically sync upon landing, with no need to pay for in-flight wireless.

The Editorial “Content and commerce are inextricably bound together,” explains Jim Louderback, the former editor of PC Magazine who has been tapped to lead SKY2BUY’s content efforts. “Entertaining product curation creates stories as compelling as those on Netflix or in the movie theater. By combining great storytelling with great product curation we’ll be building a cure for boredom AND an experience you’ll want to share over and over again.”

SKY2BUY is Cleared for Take-off Jordan hasn’t revealed which airline magazines will include SKY2BUY, but confirms that he has three major U.S. and multiple international airlines in active conversations. The airlines have been very open to Jordan’s model because of the likelihood of profitability from day one. A June launch is SKY2BUY’s goal, to coincide with the summer travel season. On a parting note, Jordan said, “This summer, fly with SKY2BUY: your new mall in the sky.” Full SKY2BUY details may be found at www.SKY2BUY.com.

Supplemental- United Arab Emirates “Super Jumbo” A380

The amazing Boeing 787 Dreamliner