Every couple of months, massive password dumps dominate headlines, causing businesses and individuals to panic and immediately assume they’re under attack. But the truth is, all of these events are just credential landfills: data from old hacks being re-disclosed as massive new breaches.
A new set of 16 billion login credentials is not an intentional public leak or data breach. It was accidentally exposed to the internet via improperly secured Elasticsearch and object storage instances for a short period, but long enough for security researchers to hit upon it.
Hackers stole and published the login credentials of major tech and Fortune 500 companies, accessed CCTV cameras, and probed portals after breaching two large data centers in Asia.



