Hacker reveals 6.8 billion emails online and warns victims “your data is public”


Several billion leaked, scraped, and stolen email addresses were shared in a single database, enabling a phishing spree on an unprecedented scale. However, our researchers believe the dataset has far fewer legitimate addresses than attackers claim.


The post boasting about a humongous compilation of emails appeared on a popular data leak forum early this year. The forum user who uploaded the database claims to have spent several months digging through various online sources, which often contain illegally obtained data.


“Two years ago, I obtained more than 3.3 billion unique email addresses. After a long break, I started this again and spent about two months extracting emails from various combos, ULP collections, logs, and databases, and extracted 6,839,584,670 unique email addresses,” the post’s author, going by the moniker Adkka72424, said.

Adkka72424 likely had access to much more credential data, as infostealers and collections often contain email addresses and passwords together. However, the attacker may have decided to keep a compilation containing billions of email addresses and passwords for personal use.

The post announcing the database on a popular data leak forum. Image by Cybernews.

The attacker claims to be raising awareness and seeking the attention of cybersecurity expert Troy Hunt. So far, attempts to get the expert's attention have not been successful. Adkka72424 also addresses individuals who may be concerned about their personal details appearing in his collection.

“Well, in that case, I have bad news – those to whom you entrusted the data did a poor job of protecting them and your data is public,” the post author said.

“However, this does NOT mean that it's over. Just change passwords on important websites and add 2FA there so that no one steals your precious data. Good luck!” the attacker said.

Does the major email database actually contain billions of emails?

Meanwhile, the Cybernews research team investigated the 150GB-strong dataset, noting that, at least in theory, the attacker did not lie about the size of the collection. The dataset included over 6.8 billion lines of data, exactly as the post's author said.


However, our team noted numerous invalid email addresses, which, according to the researchers, makes the database a lot more difficult for amateur attackers to use. For one, the database requires time and effort to fix and make usable for large-scale attacks.

The team believes that after eliminating unusable emails and duplicates, the actual number of email addresses in the database could be significantly lower, hovering around 3 billion unique addresses.

Sample of the data in the major email database. Image by Cybernews.

While over half the size as initially intended, several billion email addresses in a single database is still a massive number of ready-to-use targets for cybercriminals. As scale and automation are the name of the game in phishing attacks, malicious actors could find this type of list highly useful.

If only 0.001% of email holders in the entire 3 billion legitimate email database clicked on a malicious link, it would net attackers 30,000 potential victims who could be infected with malware and potentially drained of cash.

The team believes that, at the very least, the massive collection of emails can serve as a time saver for malicious actors who know how to properly handle large-scale data collections.

Some email addresses in the list appear to be fake. Image by Cybernews.

“Based on comments on the forum thread, most users are excited about using the data to check if other leaks contain fresh new data, by comparing entries to this release. This allows threat actors to save time by trying to exploit only newly found leaked accounts,” the team explained.

While a decade ago, storing billions of records was the prerogative of nation-states, modern-day scammers often bulk up their storage with massive numbers of credentials, often stolen or scraped.

The “billions of leaked records” problem


Last week, we published our team's findings about an exposed Elasticsearch cluster that contained over 160 indices and held 8.7 billion primarily Chinese records, ranging from national citizen ID numbers to various business records.

Last December, the team uncovered an unprotected database with 4.3 billion records, some with LinkedIn-derived personal information. The 16TB-strong instance contained emails, photos, employment histories, and other personal data. A single collection alone contained 732 million records, including photographs.


In July, Cybernews covered one of the largest data leaks in history, after researchers discovered several collections of login credentials, containing 16 billion records. The team found 30 exposed datasets, each containing tens of millions to more than 3.5 billion records.

The leaked data included login info for just about every online service, including Apple, Facebook, Google, GitHub, Telegram, and even government platforms.

