ESOF PCI ASV: Your Key to Payment Card Data Security
In the world of payment card data security, PCI ASV, or Payment Card Industry Approved Scanning Vendor, plays…
In late June 2025, Cybernews researchers uncovered one of the largest credential collections ever: over 16 billion fresh login credentials exposed via infostealer malware and unsecured repositories.
What Was Leaked
The datasets span 30 sources and include usernames, passwords, session tokens, and cookies—not recycled data, but recent, weaponizable credentials. Services affected include major platforms like Google, Facebook, Apple, GitHub, Telegram, and more.
Why It Matters
This leak is being called a “blueprint for mass exploitation” since it enables attackers to hijack accounts, bypass multifactor authentication, deploy phishing campaigns, and conduct business email compromise.
Credential theft is now industrialized, with automated bots testing logins at scale—making even MFA insufficient on its own.
Expert Warnings & Recommendations
Experts urge all users to:
- Use password managers and monitor accounts for suspicious activity
- Change passwords immediately
- Enable MFA or, better yet, use passkeys
What TAC Security Recommends
- Adopt password less technologies (passkeys) to block the reuse risk and thwart automated bot attacks
- Deploy centralized solutions like ESOF for real-time breach detection and response
- Enforce strict credential hygiene, including password uniqueness and periodic rotation
