The Weekly Breach Breakdown: How Were 24 Billion Records Exposed?

  • 07/10/2026
  • 7
  • 20
Listen On

Summary 

  • Security researchers discovered an exposed, open database containing a staggering 24 billion records comprising more than 8.3 terabytes of data. 
  • There’s no reason to panic or believe you’re facing any additional risks, but it is a good time to check your cyber hygiene. 
  • The dataset primarily consisted of infostealer malware logs, usernames, email addresses, login URLs and passwords in plaintext. 
  • The exposed database didn’t belong to cybercriminals; it belonged to a threat intelligence and breach monitoring platform that suffered a migration failure. 
  • The data compiled credentials from 36 distinct sources, including cybercrime Telegram channels, local database dumps and historic breach collections. 
  • While the database is now secured, the incident underscores the severe risk of automated credential stuffing attacks and the irony of security vendors inadvertently leaking the very data they collect to protect clients. 
  • If you think you have been a victim of a data breach or a scam, you can speak with an expert Identity Theft Resource Center advisor on the phone, via text message, or chat live on the web. Contact us via our toll-free phone number 888.400.5530 or on our company website. 

Full Transcript  

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for July 10, 2026. I’m Tim Walden. Thanks to SentiLink for their continued support of the podcast and the ITRC. Each week, we look at the most recent events and trends related to data security and privacy. 

This week, we are looking at one of the largest data exposures ever recorded, and it comes with a massive dose of irony. Researchers at Cybernews recently uncovered an open database holding a jaw-dropping 24 billion records, totaling more than 8.3 terabytes of personal information left completely unprotected on the web. 

While that sounds scary, the reality is this kind of identity compromise doesn’t actually create any additional risk for most people. That’s because the information was a collection of previously stolen data.  

The vast majority of this data consisted of “infostealer logs.” These logs contained raw usernames, email addresses, target login URLs and passwords sitting in plain text believed to have been collected by malware that had been installed on people’s devices.  

The data was scraped from infected devices and pooled with 36 different cybercrime sources, including hacking-focused Telegram channels and historic breach collections. 

Naturally, when a database of this size is found, the immediate assumption is that a malicious actor is hoarding it to launch a massive wave of account takeovers. But when researchers dug into who actually owned the data file, they found a startling twist. 

This dataset actually belonged to a legitimate threat intelligence and breach monitoring company. The platform aggregates this data to help identify risks for their corporate clients. However, during a system migration, a simple server misconfiguration left the entire vault completely exposed to the open internet. 

ITRC CEO Eva Velasquez points out that this perfectly highlights the hidden risks of the security industry itself. When defensive companies collect stolen data to track breaches, they inadvertently create a “super-target” for threat actors, requiring high levels of security to protect the information. The good news is that the database was quickly taken down after the discovery. But the bad news is that the threat actors running these infostealer malware networks continue to rely on the fact that most people use the same or similar passwords across all their accounts. 

If your credentials are swept up in a data breach, a threat actor doesn’t need a sophisticated exploit to access your financial or personal accounts. They could just use your password. While this is a massive amount of data, there is little additional risk since it appears to include little or no newly compromised information. What this discovery does do is give all of us a chance to check our own cyber habits. Don’t wait for a breach notification. If you are still using passwords on critical accounts like your email, banking, or cloud storage, switch to passkeys. They are phishing and data breach proof and you’ll never have to remember anything to access your accounts.  

If you are reusing passwords on accounts that don’t offer passkey protections, make sure you use a password manager to change them so you have a unique password on every account. Turn on multi-factor authentication everywhere it’s offered too.  

Even the companies built to protect us from breaches make mistakes. That means the first and most important line of defense rests with our own security habits. 

If you want to know more about how to protect your personal information from infostealer malware, or if you are worried your credentials were caught up in a major data breach, you can speak with an expert ITRC advisor by phone or text at 888.400.5530 or live chat on our company website. Just visit www.idtheftcenter.org to get started. 

Thanks again to SentiLink for their support of the ITRC and this podcast. Please hit the like button for this episode and subscribe wherever you listen to podcasts. We will be back next week with a new episode of the Weekly Breach Breakdown. Until then, thanks for listening.