Or is it? At least one publication is saying that the 16 billion credentials leak is not a new data breach. Here’s their explanation for it.
I covered this story as part of Friday’s Kitchen Sink and it was referred to as perhaps “the grandaddy of them all” of data breaches.
However, according to Bleeping Computer (No, the 16 billion credentials leak is not a new data breach, written by Lawrence Abrams and available here), “one of the largest data breaches in history” “appears to just be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks.”
He adds:
“To be clear, this is not a new data breach, or a breach at all, and the websites involved were not recently compromised to steal these credentials.
Instead, these stolen credentials were likely circulating for some time, if not for years. They were then collected by a cybersecurity firm, researchers, or threat actors and repackaged into a database that was exposed on the Internet.
Cybernews, which discovered the briefly exposed datasets of compiled credentials, stated it was stored in a format commonly associated with infostealer malware, though they did not share samples”.
An infostealer is malware that attempts to steal credentials, cryptocurrency wallets, and other data from an infected device. Over the years, infostealers have become a massive problem, leading to breaches worldwide.
If someone is infected with an infostealer and has a thousand credentials saved in their browser, the infostealer will steal them all and store them in the log. These logs are then uploaded to the threat actor, where the credentials can be used for further attacks or sold on cybercrime marketplaces.
As infostealers have become so abundant and commonly used, threat actors release massive compilations for free on Telegram, Pastebin, and Discord to gain reputation among the cybercrime community or as teasers to paid offerings.
There are thousands, if not hundreds of thousands, of similarly leaked archives being shared online, resulting in billions of credential records released for free.
Abrams’ conclusion: “Despite the buzz, there’s no evidence this compilation contains new or previously unseen data”.
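As an added illustration (my own example, not code from the article or from Bleeping Computer) of how a defender would check whether a compilation like this contains anything new: the Python triage script below assumes the “url:user:password” line layout commonly associated with infostealer logs, deduplicates constructed sample archives, and compares each record against a set of hashed, previously known leaked credentials.

```python
import hashlib
from urllib.parse import urlsplit

def parse_record(line: str):
    """Parse a 'url:user:password' line (assumed infostealer-log layout) or return None."""
    # The URL itself contains ':', so split from the right (a password holding ':' would mis-split).
    parts = line.strip().rsplit(":", 2)
    if len(parts) != 3:
        return None
    url, user, password = parts
    if "://" not in url:
        url = "//" + url
    host = (urlsplit(url).hostname or url).lower()
    return (host, user.strip().lower(), password)

def fingerprint(record) -> str:
    """Hash the normalized record so the known-leak set never holds plaintext."""
    return hashlib.sha256("\x00".join(record).encode("utf-8")).hexdigest()

def triage(archives, known_fingerprints):
    """Count lines, unparseable lines, unique records, and known vs new among them."""
    seen = set()
    stats = {"lines": 0, "unparsed": 0, "unique": 0, "already_known": 0, "new": 0}
    for text in archives:
        for line in text.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            stats["lines"] += 1
            record = parse_record(line)
            if record is None:
                stats["unparsed"] += 1
                continue
            fp = fingerprint(record)
            if fp in seen:  # same credential repackaged in another archive
                continue
            seen.add(fp)
            stats["unique"] += 1
            stats["already_known" if fp in known_fingerprints else "new"] += 1
    return stats

# Constructed sample data: a small known-leak corpus and two repackaged archives.
KNOWN_LEAK = ["https://mail.example.com/login:alice@example.com:hunter2",
              "https://shop.example.net/account:bob:Passw0rd!",
              "android://com.example.bank/:carol:letmein"]
KNOWN_FINGERPRINTS = {fingerprint(parse_record(l)) for l in KNOWN_LEAK}
ARCHIVES = ["# archive A\nhttps://mail.example.com/login:alice@example.com:hunter2\n"
            "https://shop.example.net/account:bob:Passw0rd!\n",
            "# archive B\nHTTPS://MAIL.EXAMPLE.COM/login:Alice@example.com:hunter2\n"
            "android://com.example.bank/:carol:letmein\nhttps://forum.example.org/:dave:newpass123\n"
            "broken line without separators\n"]
```

Running `triage(ARCHIVES, KNOWN_FINGERPRINTS)` on the sample shows six lines collapsing to four unique records, three of which were already known, which is the kind of overlap figure that separates a genuine breach from a repackaged “best of” list.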
Mashable adds in their article here: “Think of the leak as a hacker’s version of a ‘Best of’ list.”
Those are the only two articles I’ve seen so far that say the 16 billion credentials leak is not a new data breach, but the explanation seems reasonable to me.
So, what do you think? Do you think the 16 billion credentials leak is a new data breach? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the authors and speakers themselves, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.
Discover more from eDiscovery Today by Doug Austin