According to Odaily, a Cybernews research team has revealed a significant data breach involving 16 billion login credentials from major online service providers, including Apple, Google, and Facebook. The largest single database in this breach contains 3.5 billion records. The exposed data was primarily found through unencrypted Elasticsearch or object storage instances and includes access tokens, session cookies, and account metadata stolen by information-stealing malware.
This breach poses a severe threat to the cryptocurrency industry, as attackers could exploit the leaked credentials to take over accounts, particularly those linked to custodial wallets or associated email platforms. The risk is heightened for wallets that allow mnemonic phrases to be backed up to cloud services. Security experts advise users to update their passwords immediately, enable two-factor authentication, and avoid storing recovery phrases in insecure digital environments.
The identities of the original data holders remain unclear, but researchers have confirmed that some databases may belong to cybercriminal organizations.