'The credential data leak is dangerous simply because of its enormous size': Experts warn "colossal" breach exposes 24 billion records including personal info
Someone has been hoarding data leaks from across the web
- Cybernews found exposed Elasticsearch database with 24 billion plaintext credentials from 36 sources
- Archive (~8TB) compiled infostealer logs, Telegram leaks, and prior breach data; regularly updated
- Owner unknown; mix of English/Russian sources, including 260M records tied to “Darkside” channels
A colossal database containing 24 billion records was found sitting on the internet, available to anyone who knew where to look, including usernames, passwords, and login URLs, all stored in plaintext.
The Elasticsearch database was discovered earlier this month by security researchers from Cybernews, who believe it is a compilation of different logs generated by various infostealers.
“The credential data leak is dangerous simply because of its enormous size,” Cybernews said. “Since the data leaked online, billions of affected accounts are at serious risk of takeovers, especially if they are not protected with multi-factor authentication.”
Identity unknown
The archive was locked down soon after being discovered, barring the Cybernews team from doing any deeper analysis - although they did manage to determine that the information came from 36 different sources, “varying from Telegram channels to combined data collections of previous data breaches and datasets exported directly from live target servers.”
The archive was more than eight terabytes in size, making it among the biggest archives ever discovered. Unfortunately, it is impossible to determine how many of the entries are duplicates, although it’s safe to assume that at least some of them are.
Cybernews also wasn’t able to determine the age of the findings but stressed that based on the February 2026 news article contained in the data leak, it could conclude that the cluster was being regularly updated.
The identity of the database’s owner remains a mystery. Most of the Telegram sources listed inside were in English, but some were also in Russian. Furthermore, around 260 million records came from Telegram channels with the word “Darkside” in them, referencing a now-defunct ransomware group that was responsible for the catastrophic attack on Colonial Pipeline a few years ago.
Whoever it is, they seem to be actively monitoring the cybersecurity landscape and updating the collection frequently.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.