The incident is believed to be the result of a series of large-scale attacks using infostealer malware, which has been active since early 2025. Data was collected from infected user devices, then compiled into files and distributed on cybercrime forums.
Exposed data does not come from old leaks
The investigation, led by a team of experts at CyberNews, uncovered 30 data sets ranging in size from tens of millions to 3.5 billion records each. The total number of records was up to 16 billion. Notably, the majority of the exposed data was completely new, never appearing in previous leaks.

The data is clearly structured with full URLs, login names and passwords, allowing hackers to easily exploit it to gain access to accounts or carry out targeted attacks. According to the researchers, this is not just a simple data leak but "a blueprint for large-scale attack campaigns".
Infostealer becomes the main attack tool
The main source of the incident was identified as infostealer malware. This class of malware is designed to silently infiltrate user systems and collect data stored in the browser, such as login information, cookies, session tokens and many other types of sensitive data.
Modern malware samples are capable of automatically extracting and sending data to the hacker’s control server. Once compiled, the data sets are sold to cybercriminals for use in fraud, identity theft, account hijacking, and even ransomware.
Infostealers are particularly dangerous because they spread quickly, are difficult to detect, and take advantage of weak and reused passwords and of users who have not adopted modern authentication mechanisms.
Global impact
The list of affected services includes most of the popular platforms on the Internet today:
- Apple
- Facebook
- Google
- Telegram
- GitHub
- VPN services
- Developer platforms
- E-commerce marketplaces
- Government login portals
Researchers stress that with the amount of data exposed, no user can consider themselves safe. Losing access to accounts, identity theft, or a malware attack can happen to anyone using the Internet, in both personal and professional settings.
Comments from WhiteHat experts
WhiteHat experts say that this leak is not just a normal security incident, but a systemic warning about the increase in large-scale personal data exploitation campaigns. With an unprecedented amount of exposed information, the risk of account takeover, identity fraud, and digital supply chain attacks is at an all-time high.
As infostealer campaigns become increasingly sophisticated and automated, Internet users need to reassess their entire approach to account protection. Implementing preventative measures cannot be delayed.
Security Recommendations
WhiteHat experts recommend that users proactively take the following measures immediately:
- Change all passwords, prioritizing email, banking, social media, cloud services, and accounts that involve personal or financial data
- Enable multi-factor authentication (MFA) for added security
- Use a password manager to generate and store strong passwords, and avoid reusing the same password across multiple services
- Switch to modern authentication methods such as passkeys if possible
- Keep an eye out for personal information breach alerts through data auditing services like Have I Been Pwned, or use breach monitoring systems from reputable vendors
Source: https://khoahocdoisong.vn/16-ty-tai-khoan-bi-ro-ri-ky-luc-chua-tung-co-trong-lich-su-post1549388.html