Unauthorized Access to 16 Billion Login Credentials Puts Cryptocurrency Wallets at Risk from Hacking
In a startling revelation, Cybernews researchers have uncovered a trove of data containing 16 billion login credentials, adding to the 30 massive datasets the team has identified since January. This new discovery underscores the widespread impact of infostealer malware and the persistent threat it poses in 2025.
The leaked datasets, which span various platforms including social media accounts, corporate systems, VPN services, and developer platforms, represent a significant threat to the security of user accounts and digital infrastructure. The exposures go beyond simple data leaks, representing a blueprint for widespread and systematic exploitation.
The structure of the leaked datasets suggests they are fresh and weaponizable intelligence at scale. The exposed data in the leaked datasets follows a consistent format, typically listing a URL, then a username and password. This trove of data could be used for account takeover, identity theft, and highly targeted phishing.
The majority of data in the leaked sets combine information harvested by stealer malware, credential stuffing attacks, and recycled data from previous breaches. Though some leaked credentials may be old and less useful due to companies’ routine credential rotation, even a single compromised email account can enable significant breaches.
One of the most prominent examples of infostealer malware is the Lumma Stealer, one of the most prolific infostealers. Despite a major disruption in early 2025 when authorities seized about 2,300 malicious domains forming its command infrastructure, Lumma has quietly resurged with more stealthy delivery methods, such as abusing GitHub and fake CAPTCHA sites, and shifted to covert channels away from public forums to evade detection.
The recent leak of 16 billion login credentials fuels a huge underground market for stolen data, enhancing risks of ransomware, identity theft, and corporate espionage. Organizations face elevated risks from infostealers as even old or partial logs can enable costly cyberattacks and data breaches. Real-world impacts seen in 2025 include ransomware attacks on major organizations like Jaguar Land Rover and data breaches at Royal Mail and Samsung Germany, where infostealer-obtained credentials facilitated large-scale data exfiltration and exposure.
The current status of infostealer malware remains highly active and impactful in 2025, despite recent law enforcement takedown efforts. Infostealer attacks increased by 58% in the past year, driven by a thriving malware-as-a-service (MaaS) ecosystem that enables criminals to buy and sell stolen credentials or malware access easily. The rise of AI techniques further amplifies the threat by making refined, targeted phishing possible with stolen info.
In summary, the discovery of this massive trove of data underscores the persistent threat of infostealer malware. Even as authorities work to disrupt these operations, infostealers continue to evolve and pose a significant cybersecurity challenge in 2025. Organizations must remain vigilant and take steps to secure their digital infrastructure and protect their users’ data.
[1] Infostealer Malware on the Rise: A Threat Intelligence Report [2] Lumma Stealer: A Persistent Threat Despite Takedown Efforts [3] The Impact of Infostealer Malware on Corporations in 2025 [4] The Risks of 16 Billion Leaked Login Credentials
- The 16 billion leaked login credentials, found in the trove of data, can be used maliciously by cybercriminals for purposes such as account takeover, identity theft, and highly targeted phishing, posing a significant threat to the security of user accounts and digital infrastructure.
- The recent surge in infostealer malware, like the Lumma Stealer, can fuel a black market for stolen data, enhancing risks of ransomware, identity theft, and corporate espionage, making it crucial for organizations to remain vigilant and take steps to secure their technology and protect their users’ data.
