- Cybernews discovered exposed Elasticsearch database containing 24 billion plain-text credentials from 36 sources
- Archive (~8TB) compiled infostealer logs, Telegram leaks and past breach data; regularly updated
- Owner unknown; mix of English/Russian sources, including 260 million discs linked to “Darkside” channels
A colossal database containing 24 billion records has been found on the Internet, accessible to anyone who knows where to look, including usernames, passwords and login URLs, all stored in plain text.
The Elasticsearch database was discovered earlier this month by security researchers from Cybernewswho think it is a compilation of different logs generated by various information thieves.
“The credentials leak is dangerous simply because of its enormous size” Cybernews said. “Since the online data leak, billions of affected accounts are at serious risk of being hacked, especially if they are not protected by multi-factor authentication. »
Unknown identity
The archive was locked shortly after its discovery, preventing the Cybernews team from further analysis – although they managed to determine that the information came from 36 different sources, “varying from Telegram channels to combined data collections from previous data breaches and datasets exported directly from live target servers.”
The archive was over eight terabytes in size, making it one of the largest archives ever discovered. Unfortunately, it is impossible to determine how many entries are duplicates, although one can assume that at least some of them are.
Cybernews was also unable to determine the age of the findings, but pointed out that based on the February 2026 news article contained in the data leak, it could conclude that the cluster was regularly updated.
The identity of the database owner remains a mystery. Most of the Telegram sources listed inside were in English, but some were also in Russian. Additionally, approximately 260 million records came from Telegram channels containing the work “Darkside,” referring to a now-defunct ransomware group responsible for the catastrophic attack on Colonial Pipeline a few years ago.
Regardless, they appear to be actively monitoring the cybersecurity landscape and updating the collection frequently.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
