A massive trove of more than 16 billion login credentials from leading online service providers, including Apple, Google and Facebook, was leaked, with potential consequences for crypto holders.

According to a June 19 report, the Cybernews research team reviewed “30 exposed datasets containing from tens of millions to over 3.5 billion records each.” All together, that came around to “a humongous 16 billion exposed login credentials.”

“None of the exposed datasets were reported previously, bar one […] a ‘mysterious database’ with 184 million records,” the report reads. Most of the databases contained an average of 550 million entries, while the smallest held over 16 million.

Cybernews warned that this could serve as the basis for “mass exploitation” by providing “fresh, weaponizable intelligence at scale.” Most of the data was reportedly exposed by unsecured Elasticsearch or object-storage instances.

Most major services hit

Cybernews said the data allows access to “pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services.” The data also includes infostealer dumps, including tokens, cookies and metadata, making it particularly dangerous for organizations lacking multi-factor authentication.

According to the report, the original owner of the data is still unclear. Still, “it’s virtually guaranteed that some of the leaked datasets were owned by cybercriminals.”

Consequences for the crypto industry

The cryptocurrency industry may face serious fallout as a result of the leak. Security analysts expect a rise in targeted account takeover attempts using leaked credentials, particularly against custodial wallets or platforms tied to email access.

Some wallets also allow password-based seed-phrase backups stored in cloud services, which could allow attackers to attempt to obtain the private keys.

Depending on the extent and success of those attacks, exchanges may decide to request that users change their passwords or take more drastic measures to prevent asset loss.

The breach also highlights persistent issues such as password reuse and weak authentication practices. Crypto users should immediately update passwords, enable 2FA, and avoid storing recovery phrases in unsecured digital environments.

Magazine: Crypto-Sec: Evolve Bank suffers data breach, Turbo Toad enthusiast loses $3.6K