{"id":3180,"date":"2025-06-21T19:39:09","date_gmt":"2025-06-21T19:39:09","guid":{"rendered":"https:\/\/www.europesays.com\/us\/3180\/"},"modified":"2025-06-21T19:39:09","modified_gmt":"2025-06-21T19:39:09","slug":"what-we-know-so-far-about-the-supposed-mother-of-all-data-breaches","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/us\/3180\/","title":{"rendered":"What We Know So Far About the Supposed &#8216;Mother of All Data Breaches&#8217;"},"content":{"rendered":"<p>Data breaches <a href=\"https:\/\/www.cnn.com\/2025\/06\/20\/tech\/aflac-cyberattack\" target=\"_blank\" rel=\"noopener\">are so common<\/a> these days that, when a new one gets announced, most web users can do little more than yawn and mutter something like \u201cYeah, no shit\u201d before scrolling up to the next story in their newsfeed. This week, however, a breach was announced that was allegedly so earth-shatteringly huge that it managed to break through the internet\u2019s wall of collective cynicism.<\/p>\n<p>Dubbed the \u201c<a href=\"https:\/\/www.tomsguide.com\/news\/live\/16-billion-passwords-data-breach\" target=\"_blank\" rel=\"noopener\">Mother of All Data Breaches<\/a>,\u201d the breach is said to involve some 16 billion user credentials, and impact a vast number of accounts on platforms like Facebook, Google, and Apple. The breach was initially reported by Cyber News, a site that focuses on web security, and <a href=\"https:\/\/cybernews.com\/security\/billions-credentials-exposed-infostealers-data-leak\/\" target=\"_blank\" rel=\"noopener\">was written by<\/a> the site\u2019s deputy editor and researcher, Vilius Petkauskas. The story, published Wednesday, claims that the breach represents \u201cone of the largest data breaches in history.\u201d<\/p>\n<p>Petkauskas\u2019s article describes the discovered breach as \u201ca plethora of supermassive datasets, housing billions upon billions of login credentials\u201d that have been sourced from \u201csocial media and corporate platforms to VPNs and developer portals.\u201d This data is sourced from \u201c30 exposed datasets\u201d that researchers say contains \u201ctens of millions to over 3.5 billion records each.\u201d Researchers say they were able to discover the exposed datasets due to insecure online protections, though they say the exposure was too short-lived for them to figure out who was \u201ccontrolling\u201d the data.<\/p>\n<p>\u201cThis is not just a leak \u2013 it\u2019s a blueprint for mass exploitation,\u201d said researchers interviewed by the site. \u201cWith over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing.\u201d<\/p>\n<p>Cyber News\u2019s story was picked up by a number of mainstream outlets, including Forbes and Axios. However, no sooner had the news begun to circulate the internet than security professionals began to <a href=\"https:\/\/databreaches.net\/2025\/06\/20\/no-the-16-billion-credentials-leak-is-not-a-new-data-breach-a-wake-up-call-about-fake-news\/\" target=\"_blank\" rel=\"noopener\">call the article\u2019s claims into question<\/a>. According to critics, Cyber News isn\u2019t wrong per se about the number of credentials that have been exposed\u2014and that\u2019s horrifying enough news on its own. However, some watchers maintain that this isn\u2019t a new breach (nor is it really a breach in the traditional sense), it\u2019s just data from a bunch of old breaches that have been stapled together and posted online.<\/p>\n<p>\u201cTo be clear, this is not a new data breach, or a breach at all, and the websites involved were not recently compromised to steal these credentials,\u201d <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/no-the-16-billion-credentials-leak-is-not-a-new-data-breach\/\" target=\"_blank\" rel=\"noopener\">writes Bleeping Computer<\/a>.<\/p>\n<p>Meanwhile, vx-underground, an informational website that posts about malware samples found around the web, <a href=\"https:\/\/x.com\/vxunderground\/status\/1936050521762087254\">tweeted about the story<\/a>, characterizing it as a \u201cfear mongering 16,000,000,000 password repackage password leak thingy which scared the normies and spread misinformation.\u201d<\/p>\n<p>Unfortunately, large breaches happen all the time and, due to the way that the cybercriminal underworld is structured around the sharing of stolen data, data from many of these breaches is traded and re-traded across websites. Sometimes, collectors of that information will compile very large dossiers of those breaches and post it as something new\u2014which is what researchers are claiming happened here.<\/p>\n<p>That said, Cyber News\u2019s story seems to contradict the claims being made by security researchers somewhat. It says that the data that has been uncovered is \u201crecent\u201d and \u201cnot merely recycled from old breaches.\u201d\u00a0The Cyber News story also now includes a disclaimer that says: \u201cThis story, based on unique Cybernews findings and originally published on the website on June 18, is constantly being updated with clarifications and additional information in response to public discourse.\u201d Gizmodo reached out to Cyber News for comment.<\/p>\n<p>The breach is still interesting for how it highlights the danger of one particular tool in the dark web cretin\u2019s toolkit, which is a malware appropriately known as the \u201cinfostealer.\u201d The infostealer\u2014just as it sounds\u2014is software that, once having infected a device, will suck out login credentials that have been saved in the computer\u2019s browser. A very effective tool, cybercriminals can use the automated tools to swiftly compile large lists of personal information that can be used for compromise operations down the road.<\/p>\n<p>Regardless of whether this involves freshly leaked credentials or not, it might be a good time to freshen up your logins. Hackers\u2019 jobs are getting easier by the day.<\/p>\n","protected":false},"excerpt":{"rendered":"Data breaches are so common these days that, when a new one gets announced, most web users can&hellip;\n","protected":false},"author":3,"featured_media":3181,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[64,734,4212,4213,67,132,68],"class_list":{"0":"post-3180","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"tag-business","9":"tag-cybersecurity","10":"tag-dark-web","11":"tag-data-breaches","12":"tag-united-states","13":"tag-unitedstates","14":"tag-us"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@us\/114723052984405716","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/posts\/3180","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/comments?post=3180"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/posts\/3180\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/media\/3181"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/media?parent=3180"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/categories?post=3180"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/tags?post=3180"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}