A massive online database containing 24 billion records was found publicly accessible. Here’s what happened, why it matters, and how you can better protect your personal information.
Table of Contents
What Happened?
The database was found in an Elasticsearch cluster (a system used to store and search large amounts of information) and was taken offline by June 15, 2026. Most of the records appeared to come from infostealer logs (data collected by malware that steals information from infected devices).
Researchers said the records came from 36 different sources, including Telegram channels, previous breach collections, and database exports from live systems. They could not determine who owned the database.
Who Was Affected and What Data Was Leaked?
Researchers have not yet confirmed how many unique people were affected because the database likely contained duplicate records. However, the collection included billions of login credentials from many online services.
The leaked information included:
- Email addresses
- Usernames
- Passwords stored in plain text
- Login URLs (web addresses used to access accounts)
- Information gathered from infostealer malware logs
Researchers also found records linked to previous breach collections and data gathered from cybercrime-focused Telegram channels. Some records appeared to contain information taken directly from database exports.
Data leaks can continue causing problems long after the original incident disappears from the headlines. Information such as email addresses, usernames, and passwords can help criminals access accounts, send convincing phishing emails, or attempt identity theft.
Many people focus on large incidents in the news but may not realize their information was leaked in other breaches years ago. If you are not sure whether your information was leaked somewhere online, automatic monitoring can help you spot problems earlier.
If you are not sure whether your information was leaked somewhere online, automatic monitoring can help you spot problems earlier.
Futureproof monitors your data for leaks 24/7 and helps you reduce scam risks with simple, clear steps.
Futureproof keeps your data safer with simple guidance to set a strong password, turn on 2-step verification, and lock down your account.
Check my safetyHow Did the Data End Up Online?
The report does not describe a single attack against one company. Instead, researchers believe the database collected information from many different sources over time.
Most of the records appear to have come from infostealer malware. Infostealers are harmful programs that secretly collect usernames, passwords, cookies, and other sensitive information from infected devices.
- Researchers also found data linked to:
- Telegram channels sharing stolen credentials
- Previous breach compilations
- Large credential collections
- Database exports from live systems
At Futureproof, Kevin explains digital safety in simple words, with clear tips and zero fluff. He holds a degree in information technology and studies fraud trends to keep his tips up-to-date.
In his free time, Kevin plays with his cat, enjoys board-game nights, and hunts for New York’s best cinnamon rolls.
