VulnHub

Real-time Cybersecurity News

Massive database with 24 billion credentials found exposed online

SCM feed for Latest
PhishingData Breach

Overview

A massive database containing around 24 billion credentials has been discovered exposed online, amounting to about 8 terabytes of data. This database was gathered from 36 different sources, which include Telegram channels and previous data breaches, as well as data extracted from live servers. The sheer volume of exposed credentials raises significant concerns for individuals and organizations, as this information can be used for identity theft, phishing attacks, and unauthorized access to accounts. Users who may have been affected should take immediate steps to secure their accounts, such as changing passwords and enabling two-factor authentication. This incident underscores the ongoing risks associated with data breaches and the importance of safeguarding personal information.

Key Takeaways

  • Affected Systems: User credentials from various online services
  • Action Required: Users should change passwords and enable two-factor authentication.
  • Timeline: Newly disclosed

Original Article Summary

The exposed database, weighing approximately 8 terabytes, was compiled from 36 different sources, including Telegram channels, previous data breach collections, and data exported from live servers.

Impact

User credentials from various online services

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Users should change passwords and enable two-factor authentication

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Phishing, Data Breach.

Read Original Article

Related Coverage

Accenture shells out $4.18B on three companies in big industrial cybersecurity push

CyberScoop

Accenture has made a significant move in the cybersecurity sector by investing $4.18 billion to acquire a majority stake in Dragos, along with the companies runZero and NetRise. This marks Accenture's first major entry into operational technology software at a time when threats to critical infrastructure are on the rise, particularly those driven by artificial intelligence. The acquisitions aim to bolster Accenture's capabilities in protecting industrial systems from cyberattacks, which are becoming increasingly sophisticated. As organizations rely more on connected technologies, ensuring the security of these systems is crucial for preventing potential disruptions. This strategic investment highlights the growing emphasis on safeguarding operational technology in various industries.

Jun 18, 2026

Fake GitHub Stars and AI Videos Mask a Crypto Clipper

Infosecurity Magazine

Researchers have discovered a new Rust-based crypto clipper that uses fake GitHub stars and AI-generated YouTube videos to attract victims. This malware secretly steals cryptocurrency by intercepting clipboard data, making it particularly dangerous for users engaging in crypto transactions. The clipper disguises itself as a legitimate tool, misleading users into downloading it. This incident is concerning as it highlights how attackers are increasingly using social engineering tactics to gain trust and spread malware. Users are advised to be cautious about the tools they download and to verify sources before installation.

Jun 18, 2026

ICO Cautions Healthcare Worker After Princess of Wales Incident

Infosecurity Magazine

A healthcare worker has been cautioned by the Information Commissioner's Office (ICO) after attempting to sell the medical records of the Princess of Wales. The incident occurred at a hospital where the insider tried to profit from sensitive information regarding the royal's health. Although the ICO decided not to pursue criminal charges, the case raises significant concerns about data privacy and the protection of personal health information in the healthcare sector. This event underscores the continuous need for stringent data protection measures, especially in environments that handle sensitive information. The potential for misuse of such data could undermine public trust in healthcare systems.

Jun 18, 2026

Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp

BleepingComputer

International law enforcement has successfully taken action against the SocGholish botnet, which is linked to the notorious Russian cybercrime group Evil Corp. They cleaned nearly 15,000 WordPress websites infected with malware and dismantled over 100 servers used in these attacks. This operation is significant as SocGholish is known for distributing malware that targets users through fake software updates and phishing tactics. The cleanup effort not only helps to secure the affected websites but also disrupts the operations of a well-established cybercrime group, which could reduce the risk of future attacks on unsuspecting users. The impact of this operation highlights the ongoing battle against cybercrime and the importance of maintaining secure online environments.

Jun 18, 2026

ShapedPlugin update flow hacked to infect WordPress sites

BleepingComputer

A supply chain attack has targeted multiple WordPress plugins from ShapedPlugin, leading to the distribution of compromised updates to paying customers through the vendor's official update mechanism. This breach allowed attackers to inject malicious code into the plugins, potentially affecting numerous WordPress sites that rely on these tools. Users of affected plugins may face serious security risks, including unauthorized access and data breaches. The situation is alarming as it underscores the vulnerability of software supply chains, where attackers can exploit trusted sources to distribute malware. Website owners using these plugins should take immediate precautions, including checking for updates and reviewing security practices to mitigate any potential damage.

Jun 18, 2026

Cybercriminals Are Worried About AI Taking Their Jobs Too

Infosecurity Magazine

A recent analysis by Sophos reveals that cybercriminals are expressing concerns about artificial intelligence potentially taking over their roles in the hacking community. Discussions on underground forums indicate that some hackers fear AI could automate certain tasks, making their skills less valuable. This shift could lead to increased competition and challenges in the underground economy, as AI tools become more accessible. The implications of this trend could affect the strategies that hackers employ, as they may need to adapt to remain relevant. Understanding this dynamic is crucial for cybersecurity professionals who monitor criminal activities online and develop defenses against evolving threats.

Jun 18, 2026