Home World USA Latin America Europe Asia Africa TV Shows Showbiz Travel Lifestyle Opinion Science Politics Health Sports Tech Entertainment Business
Tech June 17, 2026

UMVA Uncovers: 124 MILLION Passwords Leaked - IS YOURS ON THE LIST?!

UMVA Uncovers: 124 MILLION Passwords Leaked - IS YOURS ON THE LIST?!

UMVA has learned that a massive collection of compromised login credentials has been added to a prominent data breach notification database, sending shockwaves through the cybersecurity community.

The staggering dataset comprises 56.3 million email addresses and 124 million passwords, making it one of the largest collections of stolen credentials ever recorded. What's particularly alarming is the origin of this data: it was extracted directly from infected computers and devices, rather than from a single cyberattack on an online service.

According to information obtained by UMVA, the data is a collection of "stealer logs" generated by infostealer malware, a type of malicious program designed to scan devices for stored passwords, browser data, and other sensitive information. These logs were compiled from hundreds of millions of individual records, revealing a treasure trove of stolen login credentials.

The operator of the data breach notification service has added the passwords to a database where they can be checked, providing a valuable resource for users to assess their vulnerability. However, the service has not specified which particular malware is behind the data collected, nor has it provided further details regarding the original source of the data collection.

Infostealers are among the most commonly used tools by cybercriminals, and their impact can be devastating. These malicious programs can silently infect devices, stealing login details over long periods of time without being noticed. The latest dataset serves as a stark reminder that login credentials can fall into the wrong hands not only through data breaches at companies, but also directly from users' end devices.

Users can check if their email address appears in the new collection via the data breach notification service, which added the records to its database on June 15th, 2026. Those who find their email address or password in the new data collection should act quickly, changing any affected passwords immediately, especially if they reuse them across other online services.

To protect against credential stuffing attacks, users are advised to enable two-factor authentication, which provides an additional layer of security. Using a unique, strong password for each service is also crucial, and a password manager can help create and manage secure passwords. By taking these steps, users can significantly reduce their risk of falling victim to cybercrime.

Share this article

UMVA MAG

UMVA Mag is your trusted source for breaking news, in-depth analysis, and compelling stories from around the world. Covering politics, business, technology, entertainment, sports, health, science, and more — we deliver journalism that matters.

Independent, Accurate, Unbiased
24/7 Breaking News Coverage
Trusted by Millions Worldwide