24 Billion Stolen Records Exposed Online: What You Need to Do Now

Cybersecurity researchers have uncovered one of the largest collections of stolen personal data ever found online, in a discovery that experts say means virtually everyone is likely to have had some personal information exposed.

Researchers at Cybernews found a publicly exposed database containing 24 billion records, totalling more than 8.3 terabytes of data. The find, reported by cybersecurity firm Malwarebytes, was drawn from 36 separate sources, including numerous Telegram channels, prior breach compilations, collections of infostealer logs, and some datasets apparently exported directly from live servers.

The database has since been taken offline, but security experts warn the information may still be in circulation among cybercriminals.

What Was in the Database?

Some records were structured infostealer logs containing usernames, email addresses, plaintext passwords, and the associated login addresses. A single infected device can produce a log containing passwords stored across all browsers, active session cookies and tokens (including those that bypass multi-factor authentication), autofill data, device fingerprints, and sometimes crypto wallets or messaging accounts.

Roughly 1.7 billion of the records came from hacking-related Telegram channels, mainly in English and Russian, with at least one channel focused on stolen credit card data.

What Should You Do Now?

Malwarebytes is advising all internet users to take the following steps.

Check whether your email address or passwords have been exposed using an online data breach checker. Malwarebytes offers its Digital Footprint Scanner for this purpose.

If any of your passwords have been exposed, change them immediately and do not reuse the same password across multiple accounts. Prioritise accounts linked to email, banking, shopping, and social media.

Enable multi-factor authentication (MFA) wherever possible. Even if a password has been exposed, MFA can help protect accounts from unauthorised access.

How to Protect Yourself Going Forward

Infostealers commonly spread through malicious ads, fake browser updates, and one-click downloads. Visit official websites directly rather than clicking sponsored links, and download software only from trusted sources such as official vendor sites or app stores.

Be cautious of so-called "ClickFix" attacks, a technique in which users are tricked into infecting their own devices. Never run commands or scripts copied from websites, emails, or messages unless you trust the source and understand what they do.

Phishing emails remain a major threat. Be cautious of unexpected attachments, links, and urgent requests, and verify any suspicious message by going directly to the company's official website rather than clicking a link in the message.