- Cybernews found exposed Elasticsearch database with 24 billion plaintext credentials from 36 sources
- Archive (~8TB) compiled infostealer logs, Telegram leaks, and prior breach data; regularly updated
- Owner unknown; mix of English/Russian sources, including 260M records tied to “Darkside” channels
A colossal database containing 24 billion records, including usernames, passwords, and login URLs, all stored in plaintext, was found sitting on the internet, available to anyone who knew where to look.
The Elasticsearch database was discovered earlier this month by security researchers from Cybernews, who believe it is a compilation of different logs generated by various infostealers.
“The credential data leak is dangerous simply because of its enormous size,” Cybernews said. “Since the data leaked online, billions of affected accounts are at serious risk of takeovers, especially if they are not protected with multi-factor authentication.”
Identity unknown
The archive was locked down soon after being discovered, barring the Cybernews team from doing any deeper analysis – although they did manage to determine that the information came from 36 different sources, “varying from Telegram channels to combined data collections of previous data breaches and datasets exported directly from live target servers.”
The archive was more than eight terabytes in size, making it among the biggest archives ever discovered. Unfortunately, it is impossible to determine how many of the entries are duplicates, although it’s safe to assume that at least some of them are.
Cybernews also wasn’t able to determine the age of the findings but stressed that based on the February 2026 news article contained in the data leak, it could conclude that the cluster was being regularly updated.
The identity of the database’s owner remains a mystery. Most of the Telegram sources listed inside were in English, but some were also in Russian. Furthermore, around 260 million records came from Telegram channels with the word “Darkside” in them, referencing a now-defunct ransomware group that was responsible for the catastrophic attack on Colonial Pipeline a few years ago.
Whoever it is, they seem to be actively monitoring the cybersecurity landscape and updating the collection frequently.





