A massive data leak has exposed 24 billion stolen credentials, including usernames, emails, and plaintext passwords, mainly from infostealers and Telegram channels associated with cybercrime. Researchers discovered an Elasticsearch cluster with over 8.3 terabytes of data containing records from various sources, predominantly Telegram, with a significant portion tied to previous breaches.
While 22.6 billion records stem from vaguely labeled "collections", around 1.7 billion are linked to cybercriminal Telegram channels. The breach significantly heightens the risk of account takeovers for affected individuals, especially if they lack multi-factor authentication. The database has been taken offline, complicating further investigations into its contents.