What actually happened (the short version)
Researchers found an open database — no lock, no password — holding ~24 billion records and 8.3 TB of stolen login data.
It was a mega-mashup of 36 different sources: old breaches, hacker Telegram channels, and fresh infostealer logs.
Over 1.7 billion records came straight from Telegram channels that exist purely to hand out stolen logins.
It had emails, usernames, the websites you log into, AND passwords — a lot of them in plaintext (readable, not scrambled).
Found June 12, secured June 15. Three days. But the file was downloadable that whole time, and probably long before anyone noticed.
