Show Notes
Follow on LinkedIn: linkedin.com/company/idtheftcenter/
Follow on Instagram: instagram.com/idtheftcenter/
Follow on Facebook: facebook.com/IDTheftResourceCenter/
Follow on X: twitter.com/IDTheftCenter
Follow on TikTok: www.tiktok.com/@idtheftcenter_
Follow on YouTube: www.youtube.com/@IDTheftCenter
Show Transcript
Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for July 10, 2026. I'm Tim Walden. Thanks to SentiLink for their continued support of the podcast and the ITRC. Each week, we look at the most recent events and trends related to data security and privacy.
This week, we are looking at one of the largest data exposures ever recorded, and it comes with a massive dose of irony. Researchers at Cybernews recently uncovered an open database holding a jaw-dropping 24 billion records, totaling more than 8.3 terabytes of personal information left completely unprotected on the web.
While that sounds scary, the reality is this kind of identity compromise doesn’t actually create any additional risk for most people. That’s because the information was a collection of previously stolen data.
The vast majority of this data consisted of "infostealer logs." These logs contained raw usernames, email addresses, target login URLs and passwords sitting in plain text believed to have been collected by malware that had been installed on people’s devices.
The data was scraped from infected devices and pooled with 36 different cybercrime sources, including hacking-focused Telegram channels and historic breach collections.
Naturally, when a database of this size is found, the immediate assumption is that a malicious actor is hoarding it to launch a massive wave of account takeovers. But when researchers dug into who actually owned the data file, they found a startling twist.
This dataset actually belonged to a legitimate threat intelligence and breach monitoring company. The platform aggregates this data to help identify risks for their corporate clients. However, during a system migration, a simple server misconfiguration left the entire vault completely exposed to the open internet.
ITRC CEO Eva Velasquez points out that this perfectly highlights the hidden risks of the security industry itself. When defensive companies collect stolen data to track breaches, they inadvertently create a "super-target" for threat actors, requiring high levels of security to protect the information. The good news is that the database was quickly taken down after the discovery. But the bad news is that the threat actors running these infostealer malware networks continue to rely on the fact that most people use the same or similar passwords across all their accounts.
If your credentials are swept up in a data breach, a threat actor doesn’t need a sophisticated exploit to access your financial or personal accounts. They could just use your password. While this is a massive amount of data, there is little additional risk since it appears to include little or no newly compromised information. What this discovery does do is give all of us a chance to check our own cyber habits. Don't wait for a breach notification. If you are still using passwords on critical accounts like your email, banking, or cloud storage, switch to passkeys. They are phishing and data breach proof and you’ll never have to remember anything to access your accounts.
If you are reusing passwords on accounts that don’t offer passkey protections, make sure you use a password manager to change them so you have a unique password on every account. Turn on multi-factor authentication everywhere it's offered too.
Even the companies built to protect us from breaches make mistakes. That means the first and most important line of defense rests with our own security habits.
If you want to know more about how to protect your personal information from infostealer malware, or if you are worried your credentials were caught up in a major data breach, you can speak with an expert ITRC advisor by phone or text at 888.400.5530 or live chat on our company website. Just visit www.idtheftcenter.org to get started.
Thanks again to SentiLink for their support of the ITRC and this podcast. Please hit the like button for this episode and subscribe wherever you listen to podcasts. We will be back next week with a new episode of the Weekly Breach Breakdown. Until then, thanks for listening.