Thai Times

Covering the Thai Renaissance
Tuesday, Jul 15, 2025

16 Billion Login Credentials Leaked in Unprecedented Cybersecurity Breach

Security researchers confirm freshly stolen passwords from dozens of platforms now circulating online
Security researchers have identified an unprecedented leak encompassing approximately 16 billion user credentials, marking the largest such exposure on record.

The newly discovered databases comprise some 30 distinct datasets, each containing tens of millions to several billion records.

The information is believed to be obtained via infostealer malware campaigns targeting browser-saved credentials, session data, and cookies in real time.

This collection includes login details from major tech platforms—among them Apple, Google, Facebook, GitHub, and Telegram—as well as from VPN services, developer portals, online marketplaces, and government systems.

Each record reportedly combines URL, username or email, and password, enabling direct reuse for phishing or credential-stuffing attacks.

Cybercrime analysts describe the dataset as largely new, rather than recycled from earlier breaches.

The presence of intact login sequences and freshly stolen session tokens is cited as evidence of active malware operations in 2025.

The leak is said to have surfaced across underground forums and marketplaces in plain-text form, elevating its potential for automated exploitation.

Additionally, broader industry analysis during 2024–25 has catalogued over 19 billion leaked passwords across more than 200 breaches, with only around 6 percent being unique.

A staggering 94 percent of the datasets comprised reused or common credentials, with examples such as “123456,” “password,” and “admin” appearing hundreds of millions of times.

The reuse of credentials across accounts enables high-volume automated attacks, commonly referred to as credential stuffing, which carry success rates of up to 2 percent per million attempted logins.

Weak passwords remain prevalent: around 42 percent of entries are only 8–10 characters long, and roughly 27 percent use solely lowercase letters and digits.

The root cause of the leak is ascribed to infostealer malware.

These tools infiltrate endpoints and harvest sensitive credentials before packaging them into standardized databases for distribution in criminal marketplaces.

Analysts warn that the scale and freshness of this leak create a “blueprint for mass exploitation,” with direct applicability to phishing, account takeover, identity theft, and enterprise intrusion campaigns.

Platforms across sectors—financial services, healthcare, social media, government—face heightened risk as attackers deploy automated login attempts using the leaked credentials.

In prior incidents, such as between April 2024 and April 2025, over 3 terabytes of raw leaked data were analysed, revealing the systemic vulnerability posed by credential reuse worldwide.

Research emphasises that even simple dictionary-style passwords enable rapid account breaches when combined with attacker-owned automation systems.

The leak also echoes earlier megabreaches, such as the “RockYou2024” archive containing nearly 10 billion passwords compiled from two decades of incident data.

However, the current 16 billion-credential exposure is distinguished by its proximity in time and volume of nascent threat intelligence.

This situation illustrates the expanding role of malware-based exfiltration in complementing traditional data breach strategies, and paints a picture of rapidly circulating credential data re-entering the attacker economy almost in real time.
Newsletter

Related Articles

0:00
0:00
Close
Thailand’s Sukiyaki Sector Enters Intensifying Price Competition
Thailand Strengthens Oversight of Major E‑commerce Platforms
Thailand's Destination Thailand Visa Generates Strong Demand for Remote Workers
Google Secures Windsurf AI Coding Team in $2.4 Billion Licence Deal
China and U.S. Diplomatic Engagement at ASEAN Foreign Ministers' Meeting
Jamie Dimon Warns Europe Is Losing Global Competitiveness and Flags Market Complacency
Nvidia CEO Claims Chinese Military Reluctance to Use US AI Technology
Hong Kong Advances Digital Asset Strategy to Address Economic Challenges
Thailand’s Digital Nomad Visa Registers Over 35,000 Applicants in First Year
Thailand Launches Fast‑Track Immigration Lanes for Chinese Students and Families
Olympic Gymnast Sunisa Lee Embraces Thai Getaway and Shares Fitness Routine
Thailand Launches Workation Paradise Throughout Thailand Season 3
Thai Communities Showcase ESG Initiatives Through 'Village to the World'
Thailand and Bhutan Enhance Sustainable Tourism Cooperation
Thailand Eases Alcohol Restrictions in Key Venues While Retaining Nationwide Hours
Rubio Assures ASEAN of Preferential Tariff Treatment Amid US Trade Strategy
Australia Rules Out Pre‑commitment of Troops, Reinforces Defence Posture Amid US‑China Tensions
US and China Restart High-Level Dialogue During ASEAN Summit in Kuala Lumpur
Philippines Proposes Tax on Online Gambling Amid Growing Support
Martha Wells Says Humanity Still Far from True Artificial Intelligence
Nvidia Becomes World’s First Four‑Trillion‑Dollar Company Amid AI Boom
Taiwan’s Distant‑Water Fishing Industry Under Scrutiny for Migrant Worker Abuse
EU Delays Retaliatory Tariffs Amid New U.S. Threats on Imports
Renault Shares Drop as CEO Luca de Meo Announces Departure Amid Reports of Move to Kering
Thailand's Senate Intensifies Efforts Against Online Scams with New Committee Proposal
All 125 Members of Cambodia’s National Assembly Approve Amendment to Allow Citizenship Revocation for Acts of Treason
Thailand Launches AI-Driven TISI Watch to Monitor Online Goods
Ambassador of Thailand visits Iowa, talks expanding agricultural trade with state
A 92-year-old woman, who felt she doesn't belong in a nursing home, escaped the death-camp by climbing a gate nearly 8 ft tall
Muay Thai Secures Place in 2027 Military World Games
Trump Administration Targets Chinese Influence in Agriculture
Thai Massage Therapists in UAE Set to Obtain Global Certification
Cambodia crime ring: Thailand Records Over 175,000 Online Crime Cases in First Half of 2025
US Opens First Rare Earth Mine in Over 70 Years in Wyoming
Thai Military Rejects False Reports of Troop Withdrawal Along Border
China Offers Mediation in Thailand-Cambodia Border Dispute
Bitcoin Reaches New Milestone of $116,000
Biden’s Doctor Pleads the Fifth to Avoid Self-Incrimination on President’s Medical Fitness
Foreign Investment Drives Land Price Surge in Thailand's Eastern Economic Corridor
Thai Court Denies Nestlé's Request to Appoint Asset Manager in Joint Venture Dispute
Ubon Ratchathani Candle Festival 2025 Illuminates Northeastern Thailand
Thousands Gather to Celebrate Viral Hippo Moo Deng's First Birthday in Thailand
Thailand's Motorcycle Industry Faces Challenges in Second Half of 2025
Severe Heatwave Claims 2,300 Lives Across Europe
NVIDIA Achieves Historic Milestone as First Company Valued at $4 Trillion
Declining Beer Consumption Signals Cultural Shift in Germany
Linda Yaccarino Steps Down as CEO of X After Two Years
Thai Industry Faces Economic Challenges Amidst Policy Negotiations
Thai-Chinese Chamber of Commerce Projects GDP Growth Between 1.5% and 1.8% for 2025
Thai Airways Confirms No Plans to Resume Direct US Flights Amid Ongoing Tariff Discussions
×