A massive trove of more than 16 billion login credentials from leading online service providers, including Apple, Google and Facebook, was leaked, with potential consequences for crypto holders.

According to a Friday report, the Cybernews research team reviewed “30 exposed data sets containing from tens of millions to over 3.5 billion records each.” All together, that came around to “a humongous 16 billion exposed login credentials.”

“None of the exposed data sets were reported previously, bar one […] a ‘mysterious database’ with 184 million records,” the report reads. Most of the databases contained an average of 550 million entries, while the smallest held over 16 million.

Cybernews warned that this could serve as the basis for “mass exploitation” by providing “fresh, weaponizable intelligence at scale.” Most of the data was reportedly exposed by unsecured Elasticsearch or object-storage instances.

Most major services hit

Cybernews said the data allows access to “pretty much any online service imaginable, from Apple, Facebook and Google, to GitHub, Telegram and various government services.” The data also includes infostealer dumps, including tokens, cookies and metadata, making it particularly dangerous for organizations lacking multifactor authentication.

According to the report, the original owner of the data is unclear. Still, “it’s virtually guaranteed that some of the leaked data sets were owned by cybercriminals.”