Data breach involving 16 billion credentials is not what it seems

When news broke yesterday morning about a data breach involving 16 billion records, it soon became clear that this was misleading. Various datasets were found in a compilation of stolen credentials, presumably from infostealers. In short: there is no record.

We are not the only party responding to this alleged data breach. BleepingComputer also seems surprised by the nature of the reporting. “Despite the buzz, there’s no evidence this compilation contains new or previously unseen data,” author Lawrence Abrams wrote.

Hyped up good work

The Cybernews investigation team, which first reported on the data breach, claims to have found a total of 30 exposed datasets since the beginning of this year. “In total, the researchers uncovered an unimaginable 16 billion records.” And to further emphasize the matter: “This is fresh, weaponizable intelligence at scale.”

It’s a good thing to do, of course, to find such credentials and report on them. It is now up to every user of Facebook and Apple services, among other sites and apps being hit, to set up MFA and not reuse old passwords. That has always been the advice, but now the seriousness has been made clear once again.

Not a single leak

Nevertheless, Cybernews’ wording has resulted in a flood of misleading headlines suggesting a single data breach has been uncovered. This is not a single data breach, but a compilation of 30 datasets found from the beginning of this year to now. Combined, the data is particularly useful for malicious parties who want to exploit these logins at scale, but nothing more than that. This isn’t part of a single event or compromise.

According to Cybernews itself, the stolen information is indeed a mishmash of data. For example, the datasets contain traces of infostealer malware, credential stuffing datasets, and repackaged leaks. Infostealers have become extremely popular and are difficult to detect; the total amount of data that appears to have been obtained demonstrates their effectiveness. We’ve written about their surge in the wild before:

Read more: Infostealers are super spreaders for ransomware attacks