6.8 Billion Credentials Leaked in One of History’s Largest Data Dumps
A threat actor known as Addka72424 has released a staggering 6.8 billion email-password pairs one of the largest credential dumps ever recorded freely available on underground forums. Unlike a single breach, this dataset is a compilation of stolen credentials from dozens of prior incidents, stitched together into a searchable, weaponized database. Security researchers have confirmed its authenticity, warning that the leak provides cybercriminals with an unprecedented attack surface for credential-stuffing campaigns.
The Scale and Mechanics of the Leak
The dataset is not the result of a new breach but rather an aggregation of years of compromised data, deduplicated and repackaged for maximum utility. Credential stuffing where attackers automate login attempts using stolen credentials remains a highly effective attack vector due to widespread password reuse. Even a <1% success rate across 6.8 billion records could compromise tens of millions of accounts, granting access to email, banking, corporate VPNs, and cloud services.
Who Is Behind the Attack?
The identity of Addka72424 remains unknown, but their motives appear to blend notoriety-seeking with disruption of the underground data economy. By releasing the dataset for free rather than selling it they may be attempting to undermine paid credential markets while establishing dominance in hacking circles. Similar tactics were seen in the 2019 "Collection #1" leak, which exposed 773 million unique emails.
The Credential Reuse Crisis
The leak arrives as organizations already struggle with stolen credentials as the top initial attack vector, responsible for nearly 50% of data breaches (per Verizon’s 2024 report). Despite repeated warnings, password reuse remains rampant 85% of users admit to reusing passwords across sites (Bitwarden, 2023). Enterprises face heightened risk when employees use corporate emails for third-party services, as breaches in those services can expose credentials used to probe internal systems.
Regulatory and Security Implications
The leak triggers urgent compliance concerns, particularly under GDPR (72-hour breach notification) and SEC cybersecurity disclosure rules (4-day reporting for material incidents). Organizations must assess exposure, enforce password resets, and accelerate multi-factor authentication (MFA) adoption though MFA remains underutilized, with only 37% of Azure AD accounts protected (Microsoft, 2023).
A Broken Authentication System
The incident underscores the fundamental flaws of password-based security, long deemed obsolete by experts. While passkey standards (FIDO Alliance) offer a promising alternative, adoption remains slow. Until then, the 6.8 billion leaked credentials serve as a stark reminder that no password is truly private and defenses must assume breach as the baseline.
Verizon cybersecurity rating report: https://www.rankiteo.com/company/verizon
"id": "VER1771008392",
"linkid": "verizon",
"type": "Breach",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Tens of millions (potential)',
'industry': ['Multiple'],
'location': 'Global',
'type': 'Global Users'}],
'attack_vector': 'Credential Stuffing',
'data_breach': {'number_of_records_exposed': '6.8 billion',
'personally_identifiable_information': 'Email addresses',
'sensitivity_of_data': 'High (credentials for critical '
'services)',
'type_of_data_compromised': 'Email-password pairs'},
'description': 'A threat actor known as *Addka72424* has released a '
'staggering 6.8 billion email-password pairs, one of the '
'largest credential dumps ever recorded, freely available on '
'underground forums. This dataset is a compilation of stolen '
'credentials from dozens of prior incidents, stitched together '
'into a searchable, weaponized database. The leak enables '
'credential-stuffing campaigns due to widespread password '
'reuse.',
'impact': {'brand_reputation_impact': 'Potential damage due to increased risk '
'of account takeovers',
'data_compromised': '6.8 billion email-password pairs',
'identity_theft_risk': 'High',
'legal_liabilities': 'Compliance concerns under GDPR and SEC '
'cybersecurity disclosure rules',
'operational_impact': 'Heightened risk of unauthorized access to '
'corporate and personal accounts',
'systems_affected': ['Email accounts',
'Banking services',
'Corporate VPNs',
'Cloud services']},
'lessons_learned': 'The incident underscores the fundamental flaws of '
'password-based security and the risks of password reuse. '
'Defenses must assume breach as the baseline.',
'motivation': ['Notoriety-seeking', 'Disruption of underground data economy'],
'post_incident_analysis': {'corrective_actions': ['Enforce MFA',
'Adopt passkey standards',
'Assume breach as baseline'],
'root_causes': ['Password reuse',
'Lack of MFA adoption',
'Aggregation of prior breaches']},
'recommendations': ['Enforce password resets for potentially affected '
'accounts',
'Accelerate adoption of multi-factor authentication (MFA)',
'Adopt passkey standards (FIDO Alliance) as an '
'alternative to passwords',
'Assume breach as the baseline for security defenses'],
'references': [{'source': 'Verizon’s 2024 Data Breach Investigations Report'},
{'source': 'Bitwarden (2023) Password Reuse Study'},
{'source': 'Microsoft (2023) Azure AD MFA Adoption Report'},
{'source': "2019 'Collection #1' Leak"}],
'regulatory_compliance': {'regulations_violated': ['GDPR',
'SEC cybersecurity '
'disclosure rules'],
'regulatory_notifications': ['72-hour breach '
'notification (GDPR)',
'4-day reporting for '
'material incidents '
'(SEC)']},
'response': {'containment_measures': ['Password resets',
'Enforcement of multi-factor '
'authentication (MFA)'],
'remediation_measures': ['Accelerate MFA adoption',
'Assess exposure']},
'threat_actor': 'Addka72424',
'title': '6.8 Billion Credentials Leaked in One of History’s Largest Data '
'Dumps',
'type': 'Credential Leak',
'vulnerability_exploited': 'Password Reuse'}