Massive Data Breach Exposes 16 Billion Records from Major Platforms
Security researchers have uncovered a staggering 30 unsecured databases containing 16 billion records, marking one of the largest data breaches to date. The compromised data, likely harvested by infostealer malware, includes credentials and sensitive information from major providers such as Apple, Google, VPN services, GitHub, and Telegram.
The datasets varied in size, with some holding billions of records, while only one, a 184-million-record database, had been previously reported. Researchers noted that new datasets of this scale emerge every few weeks, underscoring the widespread use of infostealer malware. Though the databases were briefly exposed before being secured, their owners remain unidentified.
Due to overlapping records, the exact number of affected individuals is unclear, but the breach highlights a persistent issue: unprotected databases remain a leading cause of data leaks. Many organizations fail to secure cloud-stored data, despite warnings about shared responsibility models in cloud security.
Cybercriminals exploit such breaches to craft highly targeted phishing attacks, leading to identity theft, financial fraud, and ransomware infections. The incident serves as a stark reminder of the escalating threat posed by infostealer malware and unsecured data storage.
GitHub TPRM report: https://www.rankiteo.com/company/Github
Google TPRM report: https://www.rankiteo.com/company/google
Telegram TPRM report: https://www.rankiteo.com/company/telegram-messenger
Apple TPRM report: https://www.rankiteo.com/company/appleinc
"id": "Gitgootelapp1767778284",
"linkid": "Github, google, telegram-messenger, appleinc",
"type": "Breach",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology',
'name': 'Apple',
'type': 'Technology'},
{'industry': 'Technology',
'name': 'Google',
'type': 'Technology'},
{'industry': 'Cybersecurity/Networking',
'name': 'VPN services',
'type': 'Technology'},
{'industry': 'Software Development',
'name': 'GitHub',
'type': 'Technology'},
{'industry': 'Messaging/Communication',
'name': 'Telegram',
'type': 'Technology'}],
'attack_vector': 'Unprotected databases',
'customer_advisories': 'Users are advised to check if their accounts were '
'compromised using tools like HaveIBeenPwned? and to '
'secure their credentials with password managers.',
'data_breach': {'number_of_records_exposed': '16 billion',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (includes login credentials and '
'PII)',
'type_of_data_compromised': ['Account credentials',
'Personally identifiable '
'information']},
'description': 'Researchers discovered 30 databases containing a total of 16 '
'billion records online, likely generated by infostealers. The '
'records include accounts from major providers like Apple, '
'Google, VPN services, GitHub, Telegram, and more. Most '
'datasets were previously unreported, and new ones emerge '
'frequently, indicating the prevalence of infostealer malware.',
'impact': {'brand_reputation_impact': 'Potential damage to affected providers '
'(e.g., Apple, Google, VPN services)',
'data_compromised': '16 billion records',
'identity_theft_risk': 'High'},
'initial_access_broker': {'data_sold_on_dark_web': 'Probable (data likely '
'used for phishing, '
'identity theft, etc.)'},
'lessons_learned': 'Organizations must better understand the shared '
'responsibility model of cloud services to secure their '
'data. Unprotected databases remain a leading cause of '
'data leaks.',
'motivation': 'Data theft for phishing, identity theft, wire fraud, and '
'ransomware attacks',
'post_incident_analysis': {'corrective_actions': 'Enhanced cloud security '
'configurations, better user '
'education on data '
'protection, and regular '
'security audits',
'root_causes': 'Misconfigured cloud databases due '
'to lack of understanding of the '
'shared responsibility model'},
'recommendations': ['Use tools like HaveIBeenPwned? to check for compromised '
'accounts.',
"Use Google's Password Checkup tool or a password manager "
'to secure login credentials.',
'Implement stricter cloud security configurations to '
'prevent database exposures.'],
'references': [{'source': 'Cybernews'}, {'source': 'TechRadar Pro'}],
'response': {'containment_measures': 'Databases were locked down after brief '
'exposure'},
'threat_actor': 'Cybercriminals (infostealer malware operators)',
'title': 'Massive Data Breach: 30 Databases with 16 Billion Records Exposed '
'Online',
'type': 'Data Breach',
'vulnerability_exploited': 'Misconfigured cloud databases (shared '
'responsibility model misunderstanding)'}