Bottom line: A publicly accessible Elasticsearch server stored 24 billion credentials from infostealer malware collections, placing millions of accounts without MFA at acute risk.
Cybernews researchers discovered a publicly accessible Elasticsearch cluster containing over 8.3 terabytes of data, including 24 billion email addresses, usernames and passwords in plain text. The data came from 36 sources, including hacker channels and aggregated older data breaches.
The Cybernews research team identified an unprotected Elasticsearch database with a total of 24 billion entries. In addition to email addresses and usernames in plain text, the database also contained the associated passwords and web addresses to which the logins referred. The total size was over 8.3 terabytes. According to the investigation, the data came from 36 different sources, including hacker channels on Telegram and compilations from known older data breaches. The server is no longer publicly accessible; a definitive owner has not been identified to date.
The research team suspects it is a logging database of infostealer malware. These malicious programs are frequently installed on endpoints through manipulated PDF files or pirated software and operate there undetected. After successful infection, they extract passwords, form data, credit card numbers and cryptocurrency wallet information. A media report found in the database from February 2026 suggests that the dataset was regularly updated with newly stolen information.
Cybernews warns that billions of affected accounts without active multi-factor authentication are exposed to immediate account takeover risk. For CISOs, this represents an escalation of the threat landscape: the availability of this extensive credential dataset significantly lowers the barrier to entry for credential stuffing, phishing campaigns and targeted compromises. Organizations should prioritize checking whether employee or customer accounts are contained in this dataset and accelerate the deployment of multi-factor authentication.
Source: www.it-daily.net · Published June 18, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.