Distributed in a Structured Format Including Login Details
"Potential for Large-Scale Abuse Beyond Simple Data Leaks" Pointed Out
Recent analysis has revealed that billions of user account records from major global online platforms have been collected through malware and are now being traded on the dark web. The scope reportedly includes not only global big tech companies such as Google, Facebook, Apple, and Telegram, but also government agency services.
On June 19 (local time), U.S. business media outlet Fortune cited a report from cybersecurity media Cybernews, stating that a total of 30 large-scale leaked datasets were discovered in an investigation conducted since the beginning of the year. Some of these datasets contained up to 3.5 billion user login credentials, with the total volume estimated to reach approximately 16 billion records.
The leaked data includes a significant amount of previously undisclosed information and covers accounts from various sectors such as social media, VPNs, and developer platforms. The data structure consists of URL, login ID, and password, which experts say matches the collection methods used by the latest infostealer malware.
The Cybernews research team warned that this is more than just a simple data leak, stating, "This data provides attackers with a foothold to exploit security vulnerabilities and attempt widespread abuse." They emphasized that the information could be used for phishing, account hijacking, and automated intrusion attempts, urging users to exercise particular caution.
The origin and scale of each dataset also varied. Data believed to have originated from Telegram contained more than 60 million account records, while a dataset related to Russia amounted to about 455 million records. One dataset analyzed as being associated with Portuguese-speaking users reportedly included over 3.5 billion records.
Darren Guccione, CEO of Keeper Security, pointed out, "This incident once again demonstrates how much personal information can be exposed online in a vulnerable state."
A significant portion of the leaked information is already being distributed on the dark web, with some evidence suggesting that real-time transactions are taking place. Experts are advising users to take immediate action. On the same day, U.S. Forbes relayed security experts' advice to "change all account passwords to unique and complex forms and ensure that two-factor authentication is enabled."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
