Currently the largest data leak to date: a compilation of roughly 16 billion leaked records (login credentials)
The leaked data includes: account credentials (username & password) - cookie data - session tokens *these are the most dangerous (1)
📌 What are the accounts or platforms from which the data has been leaked?
Credentials for accounts on Google - Facebook - Apple - GitHub - Telegram - Zoom - Twitch have been leaked (stolen from users' devices, not from those companies' servers; see below)
In addition to accounts on government platforms
- The data is very recent (some of it dated 30/4/2025)
📌 How was this data leaked?
This data was collected by a class of malware called Infostealers: spy tools whose job is to 'steal information' from the operating system and from web browsers such as Chrome and Firefox
📌 The data that Infostealers steal:
- Login data
- Details of credit cards saved in the browser or device
- Cryptocurrency wallets
- Cookies
- Operating system information
- Autofill data from the web browser *(2)
📌 How is infection, data theft, and leakage done?
- Devices are infected with infostealer malware through email attachments - phishing messages and fake websites - downloading pirated software or "cracks"
- After the device is infected, the infostealer scans it for the targeted data (passwords, cookies, active sessions...), packages what it finds into a file (a "log"), and sends that file to the attacker's server over the internet
⚠️ What is the danger of this leak?
Before discussing the risks - it is necessary to point out 3 important points
- The first point: the date of the leak. The data is very recent; one of the leaked files contains dates from the end of last April! Therefore, most of the leaked credentials and sessions may still be active!
- The second point: the number of records is enormous, 16,000,000,000 (the world population is 8 billion). Even though many of the records are duplicates, the number is still huge, so victims are almost certainly spread across every country
- The third point: An explanation for the two points (1) and (2) mentioned in previous paragraphs
(1) Session tokens: when we log in to a Facebook or Gmail account (or any other account) in a browser or app, the account stays logged in even after we restart the device or close the browser or app. This works because the device keeps a small piece of data called a session token (usually stored as a cookie)
The session token keeps the account open until you log out of the account or app. So if someone (a hacker) obtains the session token, they can access the account without needing the password \ and the more dangerous part is that they also bypass two-factor authentication (2FA), because the 2FA check was already passed when the session was created and the service accepts the token as proof of a completed login
(2) Autofill data: when you open a website or an online form that asks for personal data (name, email, address, bank card number and other details...), you sometimes notice that the browser or device offers to fill in this information for you. This happens because the browser or device stores that information and retrieves it to fill any form that asks for it, instead of you typing it manually
So if someone (a hacker) obtains the autofill data, they have enough information to make online purchases with your details, open accounts in your name, or break into your accounts
📌 Summary of the main risks from the current leak:
- Account Takeover
- Identity theft
- Accessing accounts (bypassing two-factor authentication)
- Monitoring accounts and activities (such as: browsing history - places visited)
- Targeting with spear phishing attacks
- Breaches of organizations and companies via BEC (Business Email Compromise)
- Ransomware attacks
🛡️ Warning to organizations and companies
Be alert and warn your team about phishing and social-engineering attempts in the coming period, especially ones that quote real data belonging to the organization, a partner, or a service provider
Also warn the team about impersonation of partners or of partners' devices and accounts
🛡️ How to protect and minimize damage - for individuals and organizations?
- Change passwords immediately, and use a strong, unique password for each site, account, or application
- Enable multi-factor authentication (2FA) on all accounts *avoid SMS codes; prefer an authenticator app or a security key
- Use a reputable password manager, such as Bitwarden
- Check your accounts with tools like haveibeenpwned or Google dark-web monitoring - links are in the first comment
- Monitor login activity on all accounts
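How a leak check like haveibeenpwned's Pwned Passwords works under the hood, as an added example (not from the original post and not haveibeenpwned's own code): the password is hashed with SHA-1 locally, only the first 5 hex characters of the hash are sent to the service, and the service returns every hash suffix in that range; the comparison happens on your machine, so the password itself never leaves the device (k-anonymity). The `fetch_range_online` function, the `User-Agent` string and the `SAMPLE_RANGE_5BAA6` response body are assumptions added for the example; the sample body is constructed, and its counts are made up.

```python
import hashlib
import urllib.request

# Real endpoint of the Pwned Passwords range API: GET /range/<first 5 hex chars of SHA-1>
HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password):
    """Split the upper-case SHA-1 hex digest into the 5-char prefix that is sent
    to the service and the 35-char suffix that stays on this machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Parse the 'SUFFIX:COUNT' lines the range API returns into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password, fetch_range):
    """Return how many times `password` appears in the breach corpus (0 = not seen).
    `fetch_range` is a callable taking the 5-char prefix and returning the response body,
    so the same logic runs against the live API or against a constructed sample."""
    prefix, suffix = sha1_prefix_suffix(password)
    body = fetch_range(prefix)          # only the prefix is revealed to the remote side
    return parse_range_response(body).get(suffix, 0)


def fetch_range_online(prefix):
    """Live lookup (assumption: plain urllib, no API key is required for this endpoint)."""
    req = urllib.request.Request(
        HIBP_RANGE_URL + prefix,
        headers={"User-Agent": "example-leak-check"},  # assumed identifier, not a real product
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed sample of what a range response looks like for prefix 5BAA6.
# The middle suffix is the real SHA-1 tail of the string "password"; the other
# two suffixes and all three counts are invented for this example.
SAMPLE_RANGE_5BAA6 = """\
0123456789ABCDEF0123456789ABCDEF012:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:10000000
FEDCBA9876543210FEDCBA9876543210FED:1
"""


def fetch_range_offline(prefix):
    """Offline stand-in for fetch_range_online, serving the constructed sample."""
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple 9f2"):
        print(pw, "->", pwned_count(pw, fetch_range_offline))
```

To check a real password, pass `fetch_range_online` instead of `fetch_range_offline`; a non-zero count means the password is in a known breach and must be changed everywhere it was reused.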
Also, on most major services changing the password invalidates existing sessions and disables the session tokens mentioned in paragraph (1) above, but not every service does this, so it is better to also log out of all accounts from all devices using the 'Log out of all sessions' option in your email and every other account
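To make points (1) and the 'Log out of all sessions' tip concrete, here is an added example (not from the original post, and not the code of any real service) of a toy login service: a stolen session token is replayed with no password and no 2FA code and is accepted, and it is only rejected after the account's sessions are revoked. The service is hypothetical; the user store, the `session_generation` counter, the HMAC token format and the stand-in `totp_for` check are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret used to sign session tokens; never sent to clients.
SERVER_KEY = secrets.token_bytes(32)

# Hypothetical user store: {username: {"password_hash", "totp_secret", "session_generation"}}.
# Every token carries the generation it was issued under; bumping the counter
# (on "log out everywhere" or password change) revokes every outstanding token.
USERS = {}


def hash_password(password, salt=b"example-salt"):
    """Assumption: a fixed demo salt; a real service stores a random salt per user."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()


def totp_for(user):
    """Stand-in for a real TOTP computation from user['totp_secret'] (assumption)."""
    return "123456"


def register(username, password, totp_secret):
    USERS[username] = {
        "password_hash": hash_password(password),
        "totp_secret": totp_secret,
        "session_generation": 0,
    }


def issue_token(username):
    """Token = username:generation:nonce:hmac, so the server can verify it statelessly."""
    user = USERS[username]
    payload = f"{username}:{user['session_generation']}:{secrets.token_hex(8)}"
    mac = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{mac}"


def login(username, password, totp_code):
    """Full login: password AND 2FA are checked once, then a token is handed out."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["password_hash"], hash_password(password)):
        return None
    if totp_code != totp_for(user):
        return None
    return issue_token(username)


def whoami(token):
    """The endpoint an infostealer's stolen token is replayed against:
    no password, no 2FA, just the token. Returns the username or None."""
    try:
        username, gen, nonce, mac = token.split(":")
    except ValueError:
        return None
    expected = hmac.new(SERVER_KEY, f"{username}:{gen}:{nonce}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None                      # forged or tampered token
    user = USERS.get(username)
    if user is None or int(gen) != user["session_generation"]:
        return None                      # token belongs to a revoked generation
    return username


def logout_everywhere(username):
    """The 'Log out of all sessions' button: revoke every token issued so far."""
    USERS[username]["session_generation"] += 1


def change_password(username, new_password):
    """Design choice shown here: a password change also revokes all sessions.
    Not every real service does this, which is why logging out everywhere still matters."""
    USERS[username]["password_hash"] = hash_password(new_password)
    USERS[username]["session_generation"] += 1


def demo():
    """Returns (who the stolen token resolves to before revocation, and after)."""
    register("alice", "correct horse", "alice-totp-secret")
    token = login("alice", "correct horse", "123456")   # victim logs in normally
    stolen = token                                      # infostealer copies it from the browser profile
    before = whoami(stolen)                             # 'alice': accepted with no password, no 2FA
    logout_everywhere("alice")
    after = whoami(stolen)                              # None: token is now useless
    return before, after


if __name__ == "__main__":
    print(demo())
```

The point for the reader: a session token is proof of a login that already passed 2FA, so 2FA cannot stop someone who holds the token; only revoking the session on the server side does.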
It is also very important to review all extensions in your web browser, and remove any extension you do not recognize or trust
📌 In short, please:
- Change passwords
- Log out of all sessions
- Enable 2FA for all accounts
- Check whether your email appears in the leak
- Remove unknown or untrusted extensions from the browser
- Use a password manager
*These are quick tips, not a complete guide to account protection