A recent post on a dark web forum alleges the availability of a massive trove of stolen credentials, amounting to 17 billion unique records. While these claims remain unverified, the threat actor behind the post advertises access to URL logs, including usernames and passwords, spanning from 2017 to 2024.
The post, which was discovered by cybersecurity analysts monitoring illicit marketplaces, suggests that the data has been systematically cleaned, with duplicates removed and entries sorted by year.
The alleged dataset is being sold in various pricing tiers, with small batches (1-3 targets) available for $150 to $200 and larger packages (15-25 targets) priced between $350 and $500. Additionally, the post claims that bulk orders ranging from 5 to 7 billion records can be customized based on geographic regions.
