Video summary

24 BILLION Records Got Leaked...

News and Commentary

Overview

A major cybersecurity breach has reportedly exposed 24 billion records, described as potentially the largest data leak of all time. The records consist of stolen credential data and account access information.

What was leaked and why it matters

  • The dataset includes usernames, email addresses, plaintext passwords, and login URLs.
  • The records appear to come largely from infostealer malware logs and other sources, including:
    • data stolen from infected devices
    • data scraped from Telegram channels
    • breach compilation collections
    • “local database dumps” (suggesting direct exports from live target systems)

Researchers warn that the sheer scale puts billions of accounts at risk of takeover, especially for users without multi-factor authentication (MFA).

Where the data was found

  • Cybernews researchers say they identified the leak in an exposed public Elasticsearch cluster.
  • The cluster reportedly contained over 8.3–8.0+ terabytes of data.
  • They identified 36 distinct sources feeding the dataset, with most coming from Telegram channels (including English- and Russian-language channels).

Breakdown of the largest sources (as reported)

  • ~22.6B from a source labeled “collections”
  • ~1.7B from Telegram channels
  • ~146.5M from “breach compilation combo”
  • ~15.8M from “local database dumps”
  • Some Telegram sources were tied to other cybercrime, including one associated with DarkSide (a former major ransomware group linked to the Colonial Pipeline attack), implying the leaked material could support both credential theft and broader disruption.

Evidence of broader malicious capability

A smaller subset includes ~17,000 records with CVE vulnerability IDs, descriptions, and GitHub repository links, suggesting the leak may include more than just credentials—potentially supporting exploit development or targeting.

Uncertainties and possible motives

Researchers couldn’t determine:

  • how old the data was
  • the identity of the data owner
  • the exact services exposed inside some categories

The leak may be ongoing, since the data appears to be updated regularly (based on February 2026 content).

Possible motives proposed:

  • legitimate-style monitoring/security services
  • threat actors hoarding data to improve breach success and discover new exploitation paths

Recommended user actions

The commentary emphasizes immediate defensive steps:

  • Change reused passwords, starting with high-value accounts (email, social media, cloud, banking).
  • Enable MFA/2FA wherever possible.
  • Use a password manager and strong, unique passwords.
  • Watch out for phishing (including messages offering to verify whether your data was exposed).
  • Avoid clicking suspicious links/attachments and keep systems updated.
  • Additional advice mentioned includes using VPNs and optionally using second-number apps for 2FA.

Link to ID-age-verification concerns

The discussion connects the leak to growing ID-age verification / social media restrictions in multiple countries, arguing that if personal identifiers ever get centralized online, the harm from large-scale leaks could be far worse than credential theft alone.

Presenters or contributors

  • Cybernews research team (reported authors of the investigation)
  • Unspecified video narrator/host (the speaker giving additional advice and commentary; no name provided in the subtitles)
