24 Billion Plaintext Passwords Exposed: What It Means for You

Researchers found 8.3TB of login data across 36 sources left fully exposed, with no encryption or access controls

By Al Landes

Key Takeaways

  • Researchers found 24 billion plaintext passwords exposed in an unprotected Elasticsearch database.
  • Data compiled from 36 sources, including infostealer malware logs and Darkside Telegram channels.
  • Enable multi-factor authentication and unique passwords to defend against credential stuffing attacks.

Twenty-four billion records. More than 8.3 terabytes of raw credential data. That’s what researchers at Cybernews reportedly found sitting in an exposed Elasticsearch database — no password protection, just an open door. This wasn’t a single company getting hacked. It was a compiled reservoir: usernames, email addresses, plaintext passwords, and login URLs pulled from infostealer malware logs, Telegram channels, and recycled breach data. Think of it less as a robbery and more as someone leaving a warehouse of stolen goods unlocked on a public street.

The database drew from 36 separate sources and appeared to be regularly updated — researchers found a February 2026 news item buried inside. Roughly 260 million records were tied to Telegram channels labeled “Darkside,” suggesting connections to ransomware-adjacent criminal networks, according to TechRadar.

The most unsettling detail? Every password was stored in plaintext. No hashing. No cracking required. Attackers could copy, paste, and go.

  • 24 billion records totaling over 8.3TB of data, according to Cybernews
  • Records included usernames, email addresses, plaintext passwords, and login URLs
  • Compiled from 36 sources including infostealer malware logs and Telegram channels
  • Approximately 260 million records linked to “Darkside”-labeled Telegram channels (TechRadar)
  • The database owner remains unknown; the cluster has since been taken offline

“The credential data leak is dangerous simply because of its enormous size,” according to Cybernews.

Your Accounts Are Only as Strong as Your Weakest Reused Password

Whether or not your credentials appear in this specific dataset, the way attackers exploit leaks like this one puts every reused password at serious risk.

Credential stuffing is straightforward and brutal: attackers take leaked passwords and spray them across other services until something opens. Cybernews warns that billions of accounts face serious takeover risk, particularly where users haven’t enabled multi-factor authentication. Nobody knows how many duplicates exist within the 24 billion records, so the number of uniquely affected individuals remains genuinely unclear — but that uncertainty doesn’t reduce your exposure if you reuse passwords.
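
For anyone defending a login form, the pattern described above shows up in authentication logs. The following is an added example, not part of the original article: it flags a source address that fails logins against many different accounts with only a try or two each, and lists any account that then let it in. The event layout, thresholds, and function names are assumptions, and the sample data is constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def _ev(minute, second, ip, user, ok):
    """Build one constructed login event: (timestamp, source IP, account, success)."""
    return (datetime(2026, 1, 1, 9, minute, second), ip, user, ok)

# Constructed sample data (documentation IP ranges, made-up accounts).
EVENTS = (
    # One source trying a different account every few seconds, one try each.
    [_ev(0, i * 5, "203.0.113.7", f"user{i}@example.com", i == 6) for i in range(8)]
    # A user mistyping their own password twice, then getting in.
    + [_ev(1, s, "198.51.100.20", "alice@example.com", s == 40) for s in (0, 20, 40)]
    # Brute force against a single account: many tries, one username.
    + [_ev(2, s, "192.0.2.55", "admin@example.com", False) for s in range(0, 50, 5)]
)

def detect_stuffing(events, window=timedelta(minutes=5), min_accounts=5, max_tries=2):
    """Return {ip: summary} for sources that look like credential stuffing.

    Stuffing tests each leaked username/password pair once or twice, so the
    signal is breadth (many accounts failing) rather than depth (many tries
    against one account). Thresholds here are illustrative assumptions.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))

    findings = {}
    for ip, rows in by_ip.items():
        start = 0
        for end in range(len(rows)):
            # Slide the window so it never spans more than `window` of time.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            tries = Counter(user for _, user, _ in span)
            failed = {user for _, user, ok in span if not ok}
            # Accounts that failed with only a few attempts each.
            spread = [u for u in failed if tries[u] <= max_tries]
            if len(spread) >= min_accounts:
                hits = sorted({user for _, user, ok in span if ok})
                findings[ip] = {"accounts_tried": len(tries), "succeeded": hits}
    return findings

if __name__ == "__main__":
    for ip, info in detect_stuffing(EVENTS).items():
        print(ip, info)
```

Accounts listed under "succeeded" are the ones to lock and reset first, since a reused password just worked from a source that was cycling through other users.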

Password reuse is the digital equivalent of using the same four-digit PIN for your phone, your bank, and your gym locker. One compromise unlocks everything. You can check whether your email address appears in known breach data at Have I Been Pwned (haveibeenpwned.com), a reputable, free tool maintained by security researcher Troy Hunt.

Enable MFA on every account that supports it. Use a unique password for each service. The database is offline now, but credential copies spread like leaked Spotify Wrapped screenshots — fast, wide, and permanently beyond anyone’s control.
