Tag Archives: Virtual Private Network

Sci-Tech

24 Billion Credentials Leaked In Database- Are Yours Included?

Leave a comment

24 billion records, including usernames and passwords were just exposed in colossal data leak.

24 billion records data leak
Image by Cybernews.

Cybernews researchers discovered an exposed database containing 24 billion records, including usernames, email addresses, plaintext passwords, and login URLs. The data appears to come from infostealer malware logs, records stolen from infected devices and collected from Telegram channels, breach compilations, and other sources.

Key takeaways:

  • Cybernews researchers found an exposed Elasticsearch cluster containing 24 billion records and more than 8.3TB of data.
  • Most records appear to be infostealer logs, including usernames, emails, passwords, and login URLs.
  • The data came from 36 sources, including Telegram channels, breach compilations, and large “collections.”
  • Researchers cannot yet confirm how many records are duplicates or how many unique people were affected.
  • The database is no longer publicly exposed, but reused passwords may still put accounts at risk.

While data leaks spilling millions of records have become the norm, one involving 24 billion records, including usernames and passwords, is something else. That’s why the Cybernews research team had to triple-check their findings after uncovering over 8 terabytes of data exposed online.

Our team discovered what is likely to be one of the largest databases ever exposed on June 12th. The vast majority of the 24 billion exposed records, our researchers believe, were infostealer logs. In other words, stolen usernames, passwords, and services that these credentials were supposed to grant access to.

“The credential data leak is dangerous simply because of its enormous size. Since the data leaked online, billions of affected accounts are at serious risk of takeovers, especially if they are not protected with multi-factor authentication,” the team explained.

infostealer data sample
Infostealer log document example. Image by Cybernews.

What did the 24 billion record data leak reveal?

The records our team uncovered were stored on a publicly available Elasticsearch cluster, a group of interconnected search servers. The total volume of information in the cluster exceeded 8.3 terabytes.

Nearly all exposed records were infostealer logs, data collected by malicious software that steals sensitive information. According to the team, the logs revealed login credentials in raw format, with each login detail saved separately, including email addresses, usernames, and passwords in plaintext.

infostealer data sample2
Document counts from different sources. Image by Cybernews.

Additionally, researchers identified URLs that the leaked credentials are supposed to grant access to, as well as the source of the logs.

The exposed credentials came from 36 distinct sources, varying from Telegram channels to combined data collections of previous data breaches and datasets exported directly from live target servers.

Which Telegram channels are involved in the data leak?

For example, over 1.7 billion records supposedly came from various Telegram channels. All channels appear to be involved in cybercrime, with a focus on stolen credentials and data breaches.

Most of the 36 data sources, over 30, are Telegram channels with a number of records ranging from hundreds of millions of exposed records to a few thousand. While most of the channels were in English, some were in Russian.

To avoid advertising Telegram channels that contain stolen credentials, we will not mention their names. However, most of the Telegram-based records were supposedly taken from hacking-related channels.

infostealer logs sources

Another category of Telegram channels includes access to stolen credit card data, with one channel apparently dedicated to sharing this information.

Interestingly, nearly 260 million records came from Telegram channels with “Darkside” in the title. Several years ago, Darkside was among the most prolific ransomware groups. The gang infamously attacked the Colonial Pipeline, causing fuel supply disruption on the US East Coast.

Billions of records in unknown “collections”

A staggering 22.6 billion records supposedly came from what the data owner named “collections.” These records could come from various infostealer collections previously leaked online, or they may indicate that the records are grouped by the services they are supposed to provide unauthorized access to.

Since the data was taken out of public view soon after the discovery, researchers could not further investigate the origin of the information within the so-called “collection” source.

The same reason prevented the team from deducing exactly which service providers were exposed. However, given the colossal number of records involved, it’s highly likely that they reveal access to services with very large user bases.

The team also noticed a source with 150 million records named “local database dumps.” Records from this source likely indicate they were exported directly from live target servers. Local database dumps typically involve downloading the contents of a certain database on a user device.

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands Check now by clicking the red box:

Check if your data has been leaked

In this particular case, “local data dumps” could mean the person running the server uploaded records to the collection themselves, or that they got the data from other sources.

“Additionally, records contained file names from where they were imported. In total, there were at least 195 distinct file names. Some of them indicated that the credentials in question came from the AntiPublic collection and what kind of accounts they include,” our researchers said.

AntiPublic collection is a stealer log combo list that first appeared in 2016 and contained around 600 million records. The AntiPublic-related information in the leak categorized credentials in the AntiPublic collection. For example, some files contained logins to only adult content services or only to streaming platforms.

Another 146 million records came from a source named “breach compilation combo” and most likely contain information from past data breaches that exposed user credentials. Attackers favor exploiting information from past breaches, since users often reuse credentials and rarely change passwords.

The source with the smallest number of records was named “Redline stealer” and only contained 27 records. RedLine stealer is a common infostealer that operates as a malware-as-a-service (MaaS), allowing low-skilled attackers to participate in cybercrime.

Owner interested in news articles and social media posts

Interestingly, our researchers found a small subset of data, around 17,000 records, containing information that’s rarely seen in data leaks. For example, over 9,500 documents contained CVE (Common Vulnerabilities and Exposures) IDs and descriptions, along with corresponding GitHub repository URLs.

One of the vulnerabilities identified in the exposed cluster involved a Valhall GPU Kernel Driver issue.

Moreover, over 5,200 documents contained logs of news articles related to recently occurred data breaches with article URLs, their contents, and short descriptions. One of the news articles was published as recently as February 2026 and covered a supply chain attack targeting the Python Package Index (PyPI) repository.

Another 2,900 documents were logs of social media posts related to cybersecurity incidents. One of the posts our team saw discussed operational details of the Babuk ransomware from 2021.

All of this points to the data owner actively monitoring the cybersecurity landscape, with a likely intent to update their vast collection of credentials with records from the latest data breaches and data leaks.

The known unknowns

While we are confident the data leak our team has uncovered indeed contains a whopping 24 billion records, there are limitations to what we know about the data inside the now-closed Elasticsearch cluster.

For one, the team had limited time to investigate the data leak, which prevented us from delving deeper into the types of information that may have been included in the “Collections” source.

Moreover, we cannot confidently estimate how many duplicates were included in the leak, leaving the potential number of exposed individuals a guessing game. However, it would hardly be a surprise that a data leak involving 24 billion records would affect more than a few online accounts.

At this point, we’re also unable to accurately say how old or new the leaked data is. Based on the February, 2026 news article contained in the data leak, it appears the data’s owner regularly updates the cluster with new information.

We also do not know who the data owner is, or why anyone would hoard so much data. Our team believes that “both a company and an individual threat actor could be collecting such information for various purposes.”

“Companies could collect this data for a monitoring service or a security check service, and threat actors could be collecting this data to aid in discovering fresh exploits to help them with data breaches,” our researchers said.

Meanwhile, our team believes that when it comes to historic data leaks, hoarding everything is the way to go.

“Why wouldn’t they hoard so much data? When it comes to historical leaked data and information on exploits and attacks, the more information you have, the better, as it allows for better insights, and helps detect more relevant compromised accounts, and ways that a given target could be breached,” the team explained.

What should you do now to protect your data?

To keep yourself safe, it’s important to be proactive and take some simple but crucial precautions. Users should change reused passwords as soon as possible, starting with key accounts like emails social media cloud storage, and banking.

Enabling multi-factor authentication where possible and using password manager to create strong and unique passwords is also a good idea. Users should also be weary of phishing messages that, in some cases, may advertise assistance to check whether user data was exposed.

Meanwhile, a few smart habits and tools can go a long way in protecting your personal data agains infostealers and making it much harder for threat actors to get a hold of it.

  • Use a VPN when you’re on public Wi-Fi. It will help keep your connection secure and private.
  • Be careful about clicking on links or downloading attachments from emails or messages you weren’t expecting or don’t trust.
  • Keep your apps and operating systems updated on all devices since updates often include important security fixes.
  • Turn on two-factor authentication (2FA) whenever it’s available for an extra layer of authentication.
  • Only download apps and software from official stores or trusted websites to avoid fake or infected versions.

Strong password generator

Upgrade the security of your online accounts.

Create strong passwords that are completely random and impossible to guess.

Strong Password Generator

Create a secure, random password instantly.

Leaking billions of records is becoming the norm

Unfortunately, datasets with billions of records are more often left publicly accessible. Earlier this year, our team discovered another exposed Elasticsearch cluster that contained over 160 indices, holding 8.7 billion of primarily Chinese records, ranging from national citizen ID numbers to various business records.

Meanwhile, last December, our team found a database with 4.3 billion records, some of which included LinkedIn-derived personal information. The 16TB-strong instance contained emails, photos, employment histories, and other personal data. A single collection alone contained 732 million records, including photographs.

In July 2025, Cybernews researchers uncovered one of the largest data leaks in history after discovering several collections of login credentials, containing a total of 16 billion records. The team found 30 exposed datasets, each containing tens of millions to more than 3.5 billion records.

However, the only data leak comparable to the recent discovery is the one our team found back in 2024. The supermassive leak contained data from numerous previous breaches, comprising an astounding 12 terabytes of information spanning over 26 billion records.

For the Silo, Vilius PetkauskasVilius Petkauskas/cybernews.com

Featured image- cartoonistgroup.com/ Creators Syndicate Mike Luckovich

Sci-Tech

In The Future Cyberwar Will Be Primary Theater For Superpowers

Leave a comment

Cybersecurity expert explains how virtual wars are fought

With the Russia-Ukraine war in full swing, cybersecurity experts point to a cyber front that had been forming online long before Russian troops crossed the border. Even in the months leading up to the outbreak of war, Ukrainian websites were attacked and altered to display threatening messages about the coming invasion.

“In response to Russian warfare actions, the hacking collective Anonymous launched a series of attacks against Russia, with the country’s state media being the main target. So we can see cyber warfare in action with new types of malware flooding both countries, thousands of sites crashing under DDoS (distributed denial-of-service) attacks, and hacktivism thriving on both sides of barricades,” Daniel Markuson, a cybersecurity expert at NordVPN, says.

The methods of cyberwarfare

In the past decade, the amount of time people spend online has risen drastically. Research by NordVPN has shown that Americans spend around 21 years of their lives online. With our life so dependent on the internet, cyber wars can cause very real damage. Some of the goals online “soldiers” are trying to pursue include:

  • Sabotage and terrorism

The intent of many cyber warfare actions is to sabotage and cause indiscriminate damage. From taking a site offline with a DDoS attack to defacing webpages with political messages, cyber terrorists launch multiple operations every year. One event that had the most impact happened in Turkey when Iranian hackers managed to knock out the power grid for around twelve hours, affecting more than 40 million people.

  • Espionage

While cyber espionage also occurs between corporations, with competitors vying for patents and sensitive information, it’s an essential strategy for governments engaging in covert warfare. Chinese intelligence services are regularly named as the culprits in such operations, although they consistently deny the accusations.

  • Civilian activism (hacktivism)

The growing trend of hacktivism has seen civilian cyber activists take on governments and authorities around the world. One example of hacktivism is Anonymous, a group that has claimed responsibility for assaults on government agencies in the US. In 2022, Anonymous began a targeted cyber campaign against Russia after it invaded Ukraine in an attempt to disrupt government systems and combat Russian propaganda.

  • Propaganda and disinformation

In 2020, 81 countries were found to have used some form of social media manipulation. This type of manipulation was usually ordered by government agencies, political parties, or politicians. Such campaigns, which largely involve the spread of fake news, tended to focus on three key goals – distract or divert conversations away from important issues, increase polarization between religious, political, or social groups, and suppress fundamental human rights, such as the right to freedom of expression or freedom of information.

The future of cyber warfare

“Governments, corporations, and the public need to understand this emerging landscape and protect themselves by taking care of their physical security as well as cybersecurity. From the mass cyberattacks of 2008’s Russo-Georgian War to the cyber onslaught faced by Ukraine today, this is the new battleground for both civil and international conflicts,” Daniel Markuson says.

Markuson predicts that in the future, cyber war will become the primary theater of war for global superpowers. He also thinks that terrorist cells may focus their efforts on targeting civilian infrastructure and other high-risk networks: terrorists would be even harder to detect and could launch attacks anywhere in the world. Lastly, Markuson thinks that activism will become more virtual and allow citizens to hold large governmental authorities to account.

A regular person can’t do much to fight in a cyber war or to protect themselves from the consequences.

However, educating yourself, paying attention to the reliability of sources of information, and maintaining a critical attitude  to everything you read online could help  increase your awareness and feel less affected by propaganda.  For the Silo, Darija Grobova.

Travel

Canadian Holidaymakers Charged Up To 35% More Through Canadian Websites

Leave a comment

Vacationers booking holidays through Canadian websites are being charged hundreds of dollars more than overseas customers for exactly the same deals, research commissioned by cybersecurity company NordVPN reveals.

From luxury breaks and hotel stays to car hire, consumers are frequently being presented with wildly different prices depending on where they log on.

Using the American website for Hotels.com resulted in a staggering $805.55 saving for a 7-night stay, while hiring a vehicle through the Italian server resulted in a quote 25% cheaper than the Canadian site.

NordVPN’s researchers used its Virtual Private Networks (VPNs) to make it look to websites like they were not in Canada. They discovered savings across a range of well-known travel sites like Hertz, Expedia, Booking.com and Sixt, for a variety of countries, including Italy, Mexico and the US.

What is a VPN? A VPN disguises your IP address, while improving privacy and security. You select a country and NordVPN ensures that’s where websites think you are. VPN users are then able to see the differing content — and prices — shown to overseas consumers. 

Using a VPN, a 7-night stay this August at The Gates Hotel South Beach in Miami, Florida, through Hotels.com revealed a $805 price difference for a family of four. The Canadian website quoted $3,086 and the American site $2,280 — less than a sixth as much. Visiting the website from Italy netted a 22% saving on a 7-night family stay at Venice’s Antony Palace Hotel in August — $376 off the Canadian price of $1,732.

For those visiting the French Riviera, an exclusive 7-night stay in Hotel Casarose in August would cost 16% less using the French version of Hotels.com website, lowering the price from $4,363 to $3,656.

Fans of the UK royal family planning to stay near Kensington Palace could save 13% by using the English Booking.com site, reducing a week’s stay in August at the Twenty Nevern Square Hotel from $4,260 to $3,715. 

Going to Booking.com from a French server led to a $1073 lower price on a 7-night vacation at the Hôtel Alfred Sommier in Paris in August — bringing the cost down to $8,922. Meanwhile, using an Italian server to search the Rentalcars.com website for car hire in Rome quarter (25%) cheaper than the same company’s offer to Canada-based consumers.   

Browsing for more summer hotel deals using the Mexico website of Expedia uncovered a 22% saving for a week break in Cancun at El Taj Oceanfront & Beachside Condo Hotel, leaving bookers $614 better off.

Looking at car hire deals from Hertz through the UK’s website, you could bag a 23% saving — $345 — on a 7-day hire of a Polestar at Edinburgh Airport in August, bringing the price down from $1,482 to $1,137. Using Sixt to book a rental from the Nice Airport in August, this time with Sixt brought up a 13% discount of $92 for hiring a Peugeot 208 for 7 days, making the French server price $650 versus $742.

Also, Sixt quoted a price that was 16% lower for a Jeep Grand Cherokee in Orlando, Florida via the US website for July — charging $867, a saving of $164. 

Visiting Sixt from France delivered the 11% discount, with a 7-day hire of a Tesla Model Y from Paris Charles de Gaulle Airport offered for $1038, $122 less than the Canadian website’s quote of $1160.

The research was commissioned by NordVPN and conducted by an external company between March 10th and 31st, 2023. Simultaneous searches were made for identical products being sold by the same vendor using numerous country servers.

When conducting the research, there were cases when prices offered to consumers in different countries were similar. However, for illustration purposes, this article and table present the biggest differences in price. 

Table: Cost of items booked through Canadian versus local websites

CompanyWhatWhenDate SpottedCanada price (CAD)VPN PricePrice DiffSaving (%)
Hotels.com7 night stay in The Gates Hotel South Beach – a DoubleTree by Hilton located in Miami, FloridaAugust 14-21March 10$3,086$2280.45$805.5526%
Rentalcars.comHiring a Fiat Tipo for 7 days and picking up from Rome Fiumicino AirportAugust 14-21March 28$1,353.92$1021.93$331.9925%
HertzHiring a ‘full size’ Polestar 2 for 7 days and picking up from Edinburgh Airport on a pre-pay priceAugust 14-21March 22$1481.75$1,136.92$344.8323%
Expedia7 night stay in El Taj Oceanfront & Beachside Condo Hotel in Cancun, MexicoJuly 3-10March 29$2,737$2,122.62$614.3822%
Hotels.com7 night stay in Antony Palace Hotel, Venice, Italy in a superior quadruple roomAugust 14-21March 28$1,732$1355.94$376.0622%
Hotels.com7 night stay in Hotel Casarose on the French Riviera, France in an Exclusive Suite roomAugust 14-21March 28$4,363$3656.93$706.0716%
SixtHiring a Jeep Grand Cherokee and picking up from Orlando International AirportJuly 10-17March 29$1,031.61$867.27$164.3416%
Expedia7 night stay in Antico Palazzo Rospigliosi in Rome, Italy in a quadruple roomAugust 14-21March 28$2,165$1,834.99$330.0115%
Booking.com7 night stay in Twenty Nevern Square Hotel, Kensington, London, UK. Based on two separate rooms to accomadate family of 4August 14-21March 28$4,260$3,715$54513%
SixtHiring a Peugeot 208 for 7 days and picking up from Nice AirportAugust 14-21March 28$742.07$649.59$92.4813%
Booking.com7 night stay in the (5 star) Hôtel Alfred Sommier, Paris, France in a two connecting double room.August 14-21March 30$9,996 (inclusive of additional taxes)$8,922.68$1,073.3211%

Source: NordVPN

Marijus Briedis, Chief Technology Officer at NordVPN, said: “In the internet age it’s never been easier to hunt for a vacation, and you can have all the elements — from car hire to hotel stays — arranged at the click of a mouse. 

“For the unsuspecting consumer there’s a price to be paid for these advances. Online tracking used by travel websites means that they can tell what holiday we’re looking for before we do, while algorithms can adjust holiday prices to the spending power of different countries.

“Never assume you’re getting the same deal as everyone else. Your location, the number of visits you pay to a website, and how your search fits in with the school holiday schedule, can all influence the price you’re offered.

“The best way to fight back is to shop around with the same provider using a VPN and see if you can find hidden savings offered to customers overseas. As our research shows, it could save you thousands of dollars a trip.”

How to save on holiday bookings with a VPN

There’s no need to overpay for a holiday abroad. Using a VPN can save you a lot of money – and it’s easy to get started.

Make sure you choose a reliable VPN provider that takes your privacy and security seriously. Though looking for a free option may be tempting, it’s best to stay clear of free VPNs. Here’s how to save on holiday bookings with a VPN:

  1. Get a VPN subscription. If you’re interested in NordVPN, you’ll find our subscription plans here.
  2. Download and install the VPN app on your device.
  3. Launch the app and enter your credentials to sign in.
  4. Pick a server in a country of your choice, and connect to it.
  5. Head to the provider websites and note down the prices.
  6. Repeat this process with several server locations to find the best price. We also recommend clearing your browser’s cache before returning to the site so it doesn’t identify you as a returning user and impact the price you’re shown.

Even though this process might take a little longer than you’re used to, you’re likely to find some great deals to make it worthwhile. This method will work for finding cheaper flights, hotels, car rentals, and even general online shopping.

Sci-Tech

Research: Adult Content, Streaming & Video Hosting Sites Have Most Security Threats

Leave a comment

According to research by our friends at NordVPN, one of the leading cybersecurity companies, adult content, streaming, and video hosting sites have the most security and privacy threats, such as malware, intrusive ads, and trackers. Research shows that NordVPN’s Threat Protection feature, whose sole purpose is to protect people from such threats, blocked 344M trackers, 341M intrusive ads, and 506K malware infections in the month of December 2022 alone.

“The online world is challenging people in every single move they make. Want to read an article? Dozens of ads and pop-ups are ready to immediately cover your screen. Another privacy threat – malware – is lurking for you on websites and in files you are about to download. Websites you browse are also full of third-party trackers that analyze your browsing history to find out what you do online. It depends on you to stop it,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.

Adult content sites contain the biggest amount of malware

Malware is malicious software that seeks to damage or compromise a device or data. Malware’s scope varies from relatively harmless to extremely dangerous. Malicious software can track people’s data, steal sensitive information, or even delete it without your consent.

NordVPN research shows that adult content sites (21%), as well as cloud storage providers (14%) and entertainment sites (11%), contain the biggest amount of malware. In December, Threat Protection blocked 60.4K, 40.1K, and 30.9K domains of these categories respectively.

Among the most common types of malware are viruses, spyware, worms, trojans, adware, scareware, ransomware, and fireless malware.

Streaming media sites have the most intrusive ads

Intrusive advertising refers to pushing invasive and irrelevant ads in front of consumers. They irritate users by popping up unexpectedly, blocking the host page, opening new pages and windows, or playing video and audio at inopportune times.

As for intrusive ads, the majority of them were found on streaming (23%), adult content (16%), and online shopping (9%) sites. Threat Protection detected and blocked millions of them: 552M, 389M, and 226M respectively.

“Today, ad blockers are essential for both security because they block ads that can infect people’s devices and privacy because annoying ads rely on collecting data from web activity and violating people’s privacy. Also, if a website is loading slower than usual, you can blame intrusive ads. Free apps filled with unwanted ads could also drain your device’s battery faster,” explains Adrianus Warmenhoven.

image: variety.com

Video hosting sites have the biggest number of trackers

While many trackers are a tool for advertising and improving user experience, they may also become handy for online spies. Internet service providers (ISPs), marketing agencies, social media companies, and governments can access your online actions and breach your privacy.

NordVPN’s Threat Protection showed that video hosting sites (22%), cloud storage providers (16.31%), web email (16.25%), and information technology sites (12%) have the most trackers. Video hosting sites alone had 239 billion trackers blocked by Threat Protection in December 2022.

It’s worth adding that earlier NordVPN research showed that the average number of trackers per website is highest in Hong Kong (45.4 trackers), Singapore (33.5), the United States (23.1), and Australia (18.6).

“You can become less trackable online by declining third party cookies, because the website can sell your browsing data to third parties; using a VPN, which will hide your real IP address and location; installing a tracker blocker, which will stop your browsers from collecting information about you; and using privacy browsers, which can obfuscate your browser fingerprint, or ditching Google, which tracks a lot of data about you,” says Adrianus Warmenhoven.

Threat Protection scans your files before you download them, identifies threats, and blocks them before they can harm your device. The feature is free with every NordVPN subscription – and it allows you to go online without leaving a trace, protecting your privacy and improving your digital security.

Methodology: The statistics mentioned above were acquired by analyzing aggregated data gathered by the NordVPN’s Threat Protection service in January 2023. No identifiable user information was collected, reviewed, or otherwise involved when the research and compiled results were conducted.

Sci-Tech

Top sites data breached last year include linkedin

Leave a comment

Almost 6 billion accounts affected in data breaches in 2021 

The year 2021 was record-breaking in terms of the sheer size of data breaches. According to the data collected and analyzed by the Atlas VPN team, 5.9 billion accounts were affected by data breaches throughout 2021. 

Atlas VPN has retrieved and calculated the numbers of breached accounts based on multiple publicly available sources. The total count includes worldwide data breaches that took place from January 1st, 2021, to December 31st, 2021. 

Image

February saw the biggest data breach of all-time  COMB, or in other words, the Compilation of Many Breaches, which is responsible for the leak of a whopping 3.2 billion unique cleartext email and password combinations.

The breach was named this way because it is not a result of a single hack of a specific organization but rather combines leaked data from a number of different breaches spanning five years, including Netflix, LinkedIn, and others.

The breached data was first offered for sale on RaidForums, an underground database sharing and marketplace forum, for just $2 in February. Other breaches that made it to the top five biggest data leaks of 2021 include LinkedIn (700 million people), Facebook (533 million people), Brazil’s Ministry of Health (220 million people), and SocialArks (214 million people). 

Cybersecurity writer and researcher at Atlas VPN Ruta Cizinauskaite shares her thoughts on 2021 data breach trends: “Even with data breaches becoming a growing threat, it seems organizations are still not putting enough effort in protecting the personal information of their users. One of the first things every organization should do is evaluate the amount of sensitive user data it collects — the less sensitive data is stored, the lesser the risk of it being leaked.”