Security Leaders Discuss Exposure of 24B Credentials

The exposure of approximately 24 billion credentials was reported on in mid-June after researchers discovered 8 terabytes of datasets containing information from previous security incidents. These incidents included:
- Previous data breaches
- Credential theft campaigns
- Infostealing malware attacks
“The sheer volume of exposed credentials is alarming, but the bigger concern is that many of these records appear to come from infostealer malware,” says Phil Wylie, Senior Consultant & Evangelist at Suzu Labs. “Unlike a traditional data breach that impacts a single company, infostealers quietly harvest credentials, session cookies, and authentication tokens directly from infected devices, creating a much broader and more difficult security challenge.
“Organizations should operate under the assumption that some credentials will eventually be exposed. Strong identity security practices, phishing-resistant MFA, endpoint protection, continuous monitoring for compromised credentials, and least privilege controls are essential. Simply changing passwords may not be enough when attackers have access to active sessions and authentication tokens.”
John Strand, Owner of Black Hills Information Security, Inc., adds, “The security industry is still spending too much time thinking about endpoints and internal networks and not enough time thinking about identity. Identity is the new perimeter. Breaches like this often get lost in the noise because they’re overshadowed by AI, a flashy new exploit, or the fact that they involve networking gear. That’s a mistake. These incidents are every bit as dangerous as the threats dominating the headlines, and every security team should be paying close attention.”
Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!






