UMVA has learned that a massive dataset of compromised login credentials has been added to a popular data breach notification service, sending shockwaves through the cybersecurity community.
The staggering collection includes 56.3 million email addresses and 124 million passwords, making it one of the largest and most significant data breaches to date. What's particularly alarming is the origin of this dataset, which was not obtained from a single cyberattack on an online service.
According to information obtained by UMVA, the data was extracted directly from infected computers and devices, highlighting the growing threat of infostealer malware. This type of malicious software scans devices for stored passwords, browser data, and other sensitive information, often without users even realizing their device has been compromised.
The data breach notification service explains that the information was collected from "stealer logs" generated by infostealer malware. These logs contain a treasure trove of sensitive information, including login credentials, which can be used by cybercriminals to gain unauthorized access to accounts.
Infostealers are among the most commonly used tools by cybercriminals, and their impact can be devastating. Many users don't realize their device has been infected, allowing login details to be stolen over long periods of time without being noticed. This latest dataset serves as a stark reminder that login credentials can fall into the wrong hands not only through data breaches at companies, but also directly from users' end devices.
UMVA can exclusively reveal that users can check if their email address appears in the new collection by visiting the data breach notification service. The service added the records to its database on June 15th, 2026, and users can also sign up for email alerts if their address is found in future data breaches or datasets.
If your email address or password appears in the new data collection, it's essential to act quickly. Change any affected passwords immediately, especially if you reuse them across other online services. Cybercriminals often rely on credential stuffing attacks, which can be prevented with two-factor authentication (2FA) and strong, unique passwords.
Experts recommend using a password manager to create and manage secure passwords, which can help prevent a single breach from compromising several accounts at once. By taking these simple steps, users can significantly reduce the risk of falling victim to cybercrime and protect their sensitive information from falling into the wrong hands.