"Our team has been closely monitoring the web since the beginning of the year. So far, they’ve discovered 30 exposed datasets containing from tens of millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records. ... Most of the datasets were temporarily accessible through unsecured Elasticsearch or object storage instances."
"Researchers claim that most of the data in the leaked datasets is a mix of details from stealer malware, credential stuffing sets, and repackaged leaks.
There was no way to effectively compare the data between different datasets, but it’s safe to say overlapping records are definitely present. In other words, it’s impossible to tell how many people or accounts were actually exposed."
So what they're actually saying is that in the last 6 months they've found 30 exposed databases which are not exact copies of any pre-existing leak, totaling 16 billion records before deduplication and removal of already-leaked records.
Care to guess the number of unique, not-previously-leaked records? 300m? 500m?
https://www.forbes.com/sites/daveywinder/2025/06/19/16-billi...
> These credentials weren’t recycled from old hacks or reposted from public breaches. They’re new, undocumented, and highly dangerous
esaym•7mo ago
369548684892826•7mo ago
WorldMaker•7mo ago
> The uniform formatting and lack of prior exposure suggest these weren’t collected passively. They were scraped or exfiltrated using active tools—most likely infostealer malware—and gathered into datasets optimized for sale or deployment.