Cybersecurity researchers in South Africa told MyBroadband that South Africans should be very concerned about the discovery of the database.<\/p>\n\n\n\n
“Recently we’ve observed a lot of organisations that don’t enforce multi-factor authentication, which could result in widespread issues across South Africa and an increase in attacks,” they said.<\/p>\n\n\n\n
According to Cybernews’ report, the majority of the data appeared to come from infostealer malware logs, records stolen from infected devices and collected from Telegram channels.<\/p>\n\n\n\n
However, other portions of the massive dataset appeared to have been compiled from data exfiltrated in older breaches and other unknown sources.<\/p>\n\n\n\n
The total size of the database exceeded 8.3TB, with more than 36 sources discovered. Cybernews said it could not confirm what portion of the data was duplicated and what was original.<\/p>\n\n\n\n
“Since the data leaked online, billions of affected accounts are at serious risk of takeovers, especially if they are not protected with multi-factor authentication,” the Cybernews team warned.<\/p>\n\n\n\n
The researchers discovered the leaked database, which was stored on publicly available Elasticsearch clusters, groups of interconnected search servers.<\/p>\n\n\n\n
Nearly all of the exposed records were infostealer logs. Infostealers are malicious software that steal sensitive information remotely for cybercriminals.<\/p>\n\n\n\n
The information these infostealers obtained was stored in a raw format, with login details saved separately, including user email addresses, usernames, and passwords.<\/p>\n\n\n\n
More concerning is that the logs contained URLs linked to the login details, indicating exactly where attackers could use the credentials.<\/p>\n\n\n\n
Some of the credentials came from combined collections of data from previous breaches and from datasets leaked online, as well as datasets exported directly from live servers infected with infostealers.<\/p>\n\n\n\n
Over 1.7 billion records appeared to come from Telegram channels used by cybercriminals to share stolen credentials and details of data breaches.<\/p>\n\n\n\n
Most of the channels were English, while a small number were Russian. Some Telegram channels included in the leak had stolen credit card data, and one channel was dedicated to sharing it.<\/p>\n\n\n\n
Questions about the dataset<\/h2>\n\n\n\n![\"\"](\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/Record-leak-example-1200x675.jpg\")
Sample of the infostealer logs as they appeared in the leak. Source: Cybernews<\/figcaption><\/figure>\n\n\n\nThe researchers were unable to specify how old the 24 billion records were, but some of the data suggested it could be as recent as February 2026.<\/p>\n\n\n\n
This was concluded after the team found that whoever compiled the data was also collecting news articles on cyberattacks and cybersecurity worldwide.<\/p>\n\n\n\n
About 2,900 documents on the database were logs of social media posts related to cybersecurity incidents, which points to the owner actively monitoring the cybersecurity landscape.<\/p>\n\n\n\n
The researchers said this suggested they were on the lookout for more data to add to their already vast collection of stolen and leaked credentials.<\/p>\n\n\n\n
Cybernews was unable to determine who or what owned the database, but they believe it could be a company or an individual threat actor collecting the information for “various purposes”.<\/p>\n\n\n\n
“Companies could collect this data for a monitoring service or a security check service, and threat actors could be collecting this data to aid in discovering fresh exploits to help them with data breaches,” it said.<\/p>\n\n\n\n
“The more information you have, the better, as it allows for better insights, and helps detect more relevant compromised accounts, and ways that a given target could be breached.”<\/p>\n\n\n\n
Massive datasets are highly lucrative for cybercriminals<\/h2>\n\n\n\n![\"\"](\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/05\/Fousekis-AWS.jpg\")
Dimitri Fousekis, chief technology officer and co-founder of Bitcrack Cyber Security<\/figcaption><\/figure>\n\n\n\nDimitri Fousekis, chief technology officer and co-founder of South African cybersecurity firm Bitcrack Cyber Security, told MyBroadband that cybercriminals covet large datasets for several reasons.<\/p>\n\n\n\n
“Any kind of login information is highly lucrative for criminals, as they can and do automate scripts to use these credentials in an attempt to access the website or application that they belong to,” he said.<\/p>\n\n\n\n
Essentially, criminals write programs that run thousands of credentials against websites and platforms automatically until one provides access.<\/p>\n\n\n\n
This is a quick and mostly effortless way to breach a company or platform, where they can execute other more nefarious tactics once access is gained.<\/p>\n\n\n\n
“Further, as many people re-use passwords, attackers often then switch to using this information to attempt access to other systems,” he said.<\/p>\n\n\n\n
Fousekis said that while it was not known how recent the data in the 24 billion record database was, it still posed a threat to South African users and companies.<\/p>\n\n\n\n
“South Africans should be concerned, especially if they have not changed their passwords since a leak has occurred,” he said.<\/p>\n\n\n\n
“This is often difficult, however, as they may not know their passwords were stolen.”<\/p>\n\n\n\n
He said South Africans can protect themselves from the impact of a large data leak by rotating their passwords as soon as they become aware of it.<\/p>\n\n\n\n
Secondly, enabling multi-factor authentication (MFA) on their applications and sites is recommended, as it helps protect an account even if its password is compromised.<\/p>\n\n\n\n
South Africans should also monitor for notifications about leaked credentials or usernames and passwords, and quickly address them.<\/p>\n","protected":false},"excerpt":{"rendered":"
Cybersecurity experts warn South Africans online to change their passwords after a 24 billion record 8TB data leak was discovered recently. <\/p>\n","protected":false},"author":341213,"featured_media":654860,"comment_status":"open","ping_status":"closed","sticky":true,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[1441,92099,15227,26872,50043,105175,105986,100142,23753],"class_list":["post-654649","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-cybercrime","tag-cybernews","tag-cybersecurity","tag-data-breach","tag-data-leak","tag-dimitri-fousekis","tag-mfa","tag-multi-factor-authentication-mfa","tag-telegram"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/654649"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341213"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=654649"}],"version-history":[{"count":6,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/654649\/revisions"}],"predecessor-version":[{"id":655113,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/654649\/revisions\/655113"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/654860"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=654649"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=654649"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=654649"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
The researchers were unable to specify how old the 24 billion records were, but some of the data suggested it could be as recent as February 2026.<\/p>\n\n\n\n
This was concluded after the team found that whoever compiled the data was also collecting news articles on cyberattacks and cybersecurity worldwide.<\/p>\n\n\n\n
About 2,900 documents on the database were logs of social media posts related to cybersecurity incidents, which points to the owner actively monitoring the cybersecurity landscape.<\/p>\n\n\n\n
The researchers said this suggested they were on the lookout for more data to add to their already vast collection of stolen and leaked credentials.<\/p>\n\n\n\n
Cybernews was unable to determine who or what owned the database, but they believe it could be a company or an individual threat actor collecting the information for “various purposes”.<\/p>\n\n\n\n
“Companies could collect this data for a monitoring service or a security check service, and threat actors could be collecting this data to aid in discovering fresh exploits to help them with data breaches,” it said.<\/p>\n\n\n\n
“The more information you have, the better, as it allows for better insights, and helps detect more relevant compromised accounts, and ways that a given target could be breached.”<\/p>\n\n\n\n
Massive datasets are highly lucrative for cybercriminals<\/h2>\n\n\n\nDimitri Fousekis, chief technology officer and co-founder of Bitcrack Cyber Security<\/figcaption><\/figure>\n\n\n\nDimitri Fousekis, chief technology officer and co-founder of South African cybersecurity firm Bitcrack Cyber Security, told MyBroadband that cybercriminals covet large datasets for several reasons.<\/p>\n\n\n\n
“Any kind of login information is highly lucrative for criminals, as they can and do automate scripts to use these credentials in an attempt to access the website or application that they belong to,” he said.<\/p>\n\n\n\n
Essentially, criminals write programs that run thousands of credentials against websites and platforms automatically until one provides access.<\/p>\n\n\n\n
This is a quick and mostly effortless way to breach a company or platform, where they can execute other more nefarious tactics once access is gained.<\/p>\n\n\n\n
“Further, as many people re-use passwords, attackers often then switch to using this information to attempt access to other systems,” he said.<\/p>\n\n\n\n
Fousekis said that while it was not known how recent the data in the 24 billion record database was, it still posed a threat to South African users and companies.<\/p>\n\n\n\n
“South Africans should be concerned, especially if they have not changed their passwords since a leak has occurred,” he said.<\/p>\n\n\n\n
“This is often difficult, however, as they may not know their passwords were stolen.”<\/p>\n\n\n\n
He said South Africans can protect themselves from the impact of a large data leak by rotating their passwords as soon as they become aware of it.<\/p>\n\n\n\n
Secondly, enabling multi-factor authentication (MFA) on their applications and sites is recommended, as it helps protect an account even if its password is compromised.<\/p>\n\n\n\n
South Africans should also monitor for notifications about leaked credentials or usernames and passwords, and quickly address them.<\/p>\n","protected":false},"excerpt":{"rendered":"
Cybersecurity experts warn South Africans online to change their passwords after a 24 billion record 8TB data leak was discovered recently. <\/p>\n","protected":false},"author":341213,"featured_media":654860,"comment_status":"open","ping_status":"closed","sticky":true,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[1441,92099,15227,26872,50043,105175,105986,100142,23753],"class_list":["post-654649","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-cybercrime","tag-cybernews","tag-cybersecurity","tag-data-breach","tag-data-leak","tag-dimitri-fousekis","tag-mfa","tag-multi-factor-authentication-mfa","tag-telegram"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/654649"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341213"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=654649"}],"version-history":[{"count":6,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/654649\/revisions"}],"predecessor-version":[{"id":655113,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/654649\/revisions\/655113"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/654860"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=654649"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=654649"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=654649"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Dimitri Fousekis, chief technology officer and co-founder of South African cybersecurity firm Bitcrack Cyber Security, told MyBroadband that cybercriminals covet large datasets for several reasons.<\/p>\n\n\n\n
“Any kind of login information is highly lucrative for criminals, as they can and do automate scripts to use these credentials in an attempt to access the website or application that they belong to,” he said.<\/p>\n\n\n\n
Essentially, criminals write programs that run thousands of credentials against websites and platforms automatically until one provides access.<\/p>\n\n\n\n
This is a quick and mostly effortless way to breach a company or platform, where they can execute other more nefarious tactics once access is gained.<\/p>\n\n\n\n
“Further, as many people re-use passwords, attackers often then switch to using this information to attempt access to other systems,” he said.<\/p>\n\n\n\n
Fousekis said that while it was not known how recent the data in the 24 billion record database was, it still posed a threat to South African users and companies.<\/p>\n\n\n\n
“South Africans should be concerned, especially if they have not changed their passwords since a leak has occurred,” he said.<\/p>\n\n\n\n
“This is often difficult, however, as they may not know their passwords were stolen.”<\/p>\n\n\n\n
He said South Africans can protect themselves from the impact of a large data leak by rotating their passwords as soon as they become aware of it.<\/p>\n\n\n\n
Secondly, enabling multi-factor authentication (MFA) on their applications and sites is recommended, as it helps protect an account even if its password is compromised.<\/p>\n\n\n\n
South Africans should also monitor for notifications about leaked credentials or usernames and passwords, and quickly address them.<\/p>\n","protected":false},"excerpt":{"rendered":"
Cybersecurity experts warn South Africans online to change their passwords after a 24 billion record 8TB data leak was discovered recently. <\/p>\n","protected":false},"author":341213,"featured_media":654860,"comment_status":"open","ping_status":"closed","sticky":true,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[1441,92099,15227,26872,50043,105175,105986,100142,23753],"class_list":["post-654649","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-cybercrime","tag-cybernews","tag-cybersecurity","tag-data-breach","tag-data-leak","tag-dimitri-fousekis","tag-mfa","tag-multi-factor-authentication-mfa","tag-telegram"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/654649"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341213"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=654649"}],"version-history":[{"count":6,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/654649\/revisions"}],"predecessor-version":[{"id":655113,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/654649\/revisions\/655113"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/654860"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=654649"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=654649"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=654649"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}