A massive trove of more than 16 billion login credentials from leading online service providers, including Apple, Google and Facebook, was leaked, with potential consequences for crypto holders.
According to a Friday report, the Cybernews research team reviewed “30 exposed data sets containing from tens of millions to over 3.5 billion records each.” All together, that came around to “a humongous 16 billion exposed login credentials.”
“None of the exposed data sets were reported previously, bar one […] a ‘mysterious database’ with 184 million records,” the report reads. Most of the databases contained an average of 550 million entries, while the smallest held over 16 million.
Cybernews warned that this could serve as the basis for “mass exploitation” by providing “fresh, weaponizable intelligence at scale.” Most of the data was reportedly exposed by unsecured Elasticsearch or object-storage instances.
Related: Coinbase data leak could put users in physical danger: TechCrunch founder
Most major services hit
Cybernews said the data allows access to “pretty much any online service imaginable, from Apple, Facebook and Google, to GitHub, Telegram and various government services.” The data also includes infostealer dumps, including tokens, cookies and metadata, making it particularly dangerous for organizations lacking multifactor authentication.
According to the report, the original owner of the data is unclear. Still, “it’s virtually guaranteed that some of the leaked data sets were owned by cybercriminals.”
Related: Millions of OpenSea user emails leaked in 2022 now fully public: SlowMist
Consequences for the crypto industry
The cryptocurrency industry may face serious fallout as a result of the leak. Security analysts expect a rise in targeted account takeover attempts using leaked credentials, particularly against custodial wallets or platforms tied to email access.
Some wallets also use password-based seed-phrase backups stored in cloud services, which could allow attackers to attempt to obtain the private keys.
Depending on the extent and success of those attacks, exchanges may decide to request that users change their passwords or take more drastic measures to prevent asset loss.
The breach also highlights persistent issues such as password reuse and weak authentication practices. Crypto users should immediately update passwords, enable 2FA, and avoid storing recovery phrases in unsecured digital environments.
Magazine: Crypto-Sec: Evolve Bank suffers data breach, Turbo Toad enthusiast loses $3.6K
