24 Billion Credentials Exposed in Massive Infostealer Leak
Cybernews researchers discovered an 8.3TB database containing approximately 24 billion records with usernames, email addresses, plaintext passwords, and login URLs. The aggregated collection originated from infostealer malware logs, Telegram channels, breach compilations, and other sources across 36 datasets. The exposed database was publicly accessible before being taken down.
- passwords
- credentials
- emails
- usernames
An enormous cache of 24 billion credentials surfaced in a publicly accessible 8.3 terabyte database, exposing usernames, email addresses, plaintext passwords, and login URLs for potentially billions of people worldwide.
Researchers at Cybernews identified the collection on June 17, 2026. The data originated from infostealer malware logs, Telegram channels, breach compilations, and 36 distinct datasets. The database remained openly available until it was taken down following public reporting. Industry research from sources such as DoxxScan™ continuous monitoring confirms the scale and nature of the incident as one of the largest credential exposures recorded.
Want the rest of this breakdown?
Sign up free to keep reading. Members get extended access, the weekly breach digest, and a complimentary Warden™ to see if their identity is exposed in the breaches we cover.
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →