ZeroFox Intelligence Flash Report - Data Set Features Billions of Leaked User Credentials

ZeroFox Intelligence Flash Report - Data Set Features Billions of Leaked User Credentials

Product Serial: F-2025-07-16a

TLP:CLEAR

In this Flash report, ZeroFox researchers report on the procuring of a recently-announced large-scale data set, comprised of approximately 16 billion compromised data points.

Standing Intelligence Requirements

For the most up-to-date list of ZeroFox’s Intelligence Requirements, please visit:

https://cloud.zerofox.com/intelligence/advisories/14956

Link to Download

View the full report here

Key Findings

• ZeroFox has procured a significant quantity of leaked data, the existence of which was first announced by cybersecurity researchers on June 18, 2025.
• Among approximately 16 billion compromised data points, ZeroFox’s preliminary analysis identified at least 2.7 billion lines of URL, login, and password (ULP) data, alluding to at least this many separate victims.
• Although initial media reporting suggested that this data was associated with a singular data breach, it is significantly more likely that it was compiled from various stealer logs.
• As of this writing, ZeroFox is unable to determine the usability of this data or the extent to which it is associated with contemporary accounts that may be vulnerable to compromise.
• Initial analysis suggests that much of the data is dated between January and June 2025, indicating there is a likely chance that a high proportion of the identified data would provide malicious utility to those in possession of it.