Stolen passwords now a constant risk, not isolated breaches, CISO says

The discovery of a database containing 149 million exposed login credentials shows that credential theft has become a persistent condition of the internet, rather than a series of one-off breaches, according to Shane Barney, CISO at Keeper Security.

A publicly accessible database containing 149 million stolen usernames and passwords was discovered online by a researcher, before being taken down by the hosting provider, according to multiple reports.

The dataset was identified by researcher , who alerted the provider after finding the records exposed without authentication. While the database is no longer accessible, security specialists said such discoveries often come after the data has already circulated among cybercriminals.

The trove included credentials linked to major online services, including around 48 million Gmail accounts, 17 million logins and 6.5 million Instagram records. Other entries were associated with platforms such as Yahoo, Netflix, Microsoft Outlook, Apple iCloud, TikTok and Binance.

Security experts said the incident does not point to a single breach at any one company, but reflects how credentials are routinely harvested through malware infections on users’ devices.

“This is not a breach in the traditional sense, and it is not evidence of a single failure,” said Shane Barney, chief information security officer (CISO) at Keeper Security. “It is the byproduct of an ecosystem that continuously harvests credentials from endpoints and quietly accumulates access over time.”

Barney said malware known as infostealers typically captures whatever credentials a user enters once a device is compromised, which explains why records from consumer platforms, services and other systems often appear together.

“Once a device is compromised, everything the user touches becomes part of the collection process,” he said. “The value for attackers is not any one account, but the ability to reuse access and move within organisations without drawing attention.”

While the database has been removed, Barney said such actions do little to reduce risk if stolen credentials remain active.

“Taking a dataset offline does nothing to address the underlying issue, which is that many of these credentials remain valid long after they have been stolen,” he said.

Cybersecurity professionals increasingly caution that password leaks should be treated as a constant condition rather than isolated incidents. According to Barney, organisations need to assume that credentials will be exposed and design controls accordingly.

“The question is no longer how to stop every theft,” he said. “It is how access is limited once attackers arrive already authenticated.”

Tech Observer Desk
Tech Observer Desk at TechObserver.in is a team of technology reporters led by a senior editor who brings latest updates and developments from the world of technology.