Thought Leadership
An unprotected server has exposed 24 billion login credentials in plaintext, raising major concerns over the security of billions of online accounts. According to Cybernews, billions of accounts without multi-factor authentication (MFA) are at risk.
The Cybernews research team uncovered a publicly accessible Elasticsearch cluster containing more than 8.3 terabytes of data. In total, the database held 24 billion entries, including email addresses, usernames, and plaintext passwords, along with associated website URLs where the credentials were reportedly used.
The exposed information originated from 36 different sources. These included hacker channels on Telegram as well as aggregated datasets from older data breaches. The server has since been taken offline, and investigators have not yet been able to identify the owner of the database.
Infostealer Malware Behind the Massive Dataset
Researchers believe the database is linked to so-called infostealer malware logs. This type of malicious software is commonly distributed through compromised PDF files or pirated software downloads and is designed to silently infect devices.
Once installed, infostealer malware extracts sensitive data such as saved passwords, form inputs, credit card details, and cryptocurrency wallet information. The stolen data is then compiled into logs that are frequently traded or leaked online.
A media report dated February 2026 suggests the dataset was continuously updated with new information, indicating an ongoing collection process rather than a static breach.
The Cybernews team warned of the severe implications for affected users:
“Billions of affected accounts are at risk of being taken over, especially if they are not protected by multi-factor authentication.”
Cybernews Research Team
(ll)
