Massive Login Credential Breach Hits Services Like Apple and Google, Potentially Impacting Cryptocurrency Holders

The Cybernews research team has revealed that 16 billion login credentials from online service providers such as Apple, Google, and Facebook have been leaked, with a single database containing up to 3.5 billion records. Researchers found that these data were mainly exposed through unencrypted Elasticsearch or object storage instances, and the leaked information includes access tokens, session cookies, and account metadata stolen by infostealer malware.
This incident poses a serious threat to the cryptocurrency industry: attackers may exploit the leaked credentials to launch targeted account takeovers, especially against platforms with custodial wallets or linked email accounts. The risk is further amplified by some wallets allowing mnemonic phrases to be backed up to cloud services. Security experts recommend users immediately update their passwords, enable two-factor authentication, and avoid storing recovery phrases in insecure digital environments. The identity of the original data holders remains unclear, but researchers have confirmed that some databases may belong to cybercriminal organizations. (Cointelegraph)