A staggering 16 billion logins exposed in epic data breach, inc Apple accounts

2 days ago 5

Security researchers have discovered what they describe as “one of the largest data breaches in history,” comprising a staggering 16 billion logins, which include Apple accounts (formerly known as Apple IDs).

The researchers said that the stolen data gives cybercriminals “unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing” …

You may recall a report last month that Apple login credentials were among a massive database of 184 million records found sitting unprotected on a web server. It now appears this was just the tip of the iceberg, as further digging revealed that this was just one of a number of databases.

Cybernews reports that researchers found a further 29 datasets.

So far, they’ve discovered 30 exposed datasets containing from tens of millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records.

The sheer scale of the find makes it extremely difficult to quickly assess how much overlap there is between them, but it seems a safe bet that even taking this into account it will remain of of the biggest stolen login discoveries of all time.

The researchers said that this isn’t just the re-discovery of old data.

“What’s especially concerning is the structure and recency of these datasets – these aren’t just old breaches being recycled. This is fresh, weaponizable intelligence at scale,” researchers said.

The simple and neatly-organized structure of the data – URL, username, password – points to infostealers as the source. This is a class of malware specifically designed to obtain login credentials which aims to collect exactly this information in exactly this format.