"Someone, somewhere is having data exfiltrated from their machines as we speak," says Volodymyr Diachenko, co-founder of the cybersecurity consultancy SecurityDiscovery.
Cybercriminals have intensified their efforts to steal and sell online passwords, experts warn. The alarm comes after the discovery of online datasets containing billions of exposed account credentials.
The 30 datasets comprised a whopping 16 billion login credentials across multiple platforms, including Apple, Google and Facebook, and were first reported by Cybernews researchers last week.
The exposures were identified over the course of this year by Volodymyr Diachenko, co-founder of the cybersecurity consultancy Security Discovery, and are suspected to be the work of multiple parties.
"This is a collection of various data sets that appeared on my radar since the beginning of the year, but they all share a common structure of URLs, login details and passwords," Diachenko told CNBC.
According to Daichenko, all signs point to the leaked login information being the work of "infostealers" — malware that extracts sensitive data from devices, including usernames and passwords, credit card information and online browser data.
While the lists of logins are likely to contain many duplicates as well as outdated and incorrect information, the overwhelming volume of findings puts into perspective how much sensitive data is circulating on the web.
It should also raise alarms on how infostealers have become the "cyber plague" of today, Daichenko said. "Someone, somewhere, is having data exfiltrated from their machines as we speak."
Daichenko was able to detect the exposed data because their owners had temporarily indexed them on the web without a password lock. Inadvertently shared data leaks are often caught by Security Discovery, but not at scales seen so far this year.