Privacy-focused technology firm Proton has warned of a growing data breach crisis, revealing that more than 300 million stolen credentials are actively circulating on dark web marketplaces. The discovery underscores the expanding scope of credential-based cyberattacks targeting organizations and individuals across multiple sectors.
Growing Threat from Stolen Credentials and Identity Fraud
According to Proton’s Data Breach Observatory, attackers are weaponizing compromised login details to infiltrate networks, commit financial fraud, and facilitate large-scale identity theft. The company’s ongoing surveillance of underground cybercriminal markets shows that sensitive corporate and personal data is being sold to the highest bidder—often long before victims become aware of the compromise.
Proton said its monitoring initiative was established to detect breaches in real time and notify affected organizations before incidents escalate into full-scale intrusions. The findings show that cybercriminals have increasingly focused on credential harvesting as a primary attack vector, with millions of records containing names, birth dates, physical addresses, phone numbers, and passwords now for sale.
“It’s not just major corporations being hit—small businesses are suffering breaches that cost them millions,” Proton researchers warned.
Major Companies Impacted Across Continents
The Data Breach Observatory identified recent exposures affecting several high-profile organizations spanning aviation, telecommunications, finance, retail, and education. In several cases, the stolen data included financial identifiers such as IBAN numbers and social security information, raising concerns about potential large-scale fraud.
Risk Factor Table
| Company | Country | Records Exposed | Compromised Data |
|---|---|---|---|
| Qantas Airways | Australia | 11.8 million+ | Name, date of birth, physical address, phone number, email address |
| Allianz Life | Germany | 1 million+ | Name, date of birth, physical address, phone number, email address, social security number |
| Tracelo | United States | 1.4 million+ | Name, physical address, phone number, email address, password |
| INTERSPORT France | France | 105,782 | Name, physical address, phone number, email address |
| Free | France | 19 million+ | Name, date of birth, phone number, email address, IBAN |
| Orange Romania | Romania | 3.4 million+ | Name, date of birth, physical address, phone number, email address, username, ID number |
| Zacks Investment Research | United States | 5.4 million+ | Name, physical address, phone number, email address, username, password |
| SkilloVilla | India | 33 million+ | Name, physical address, phone number, email address |
| amai | Singapore | 10 million+ | Name, physical address, phone number, email address, password |
| PhoneMondo | Germany | 10 million+ | Name, date of birth, physical address, phone number, email address, username, password, IBAN |
Impact on Businesses and Consumers
The widespread exposure of login credentials has intensified risks for businesses that rely on cloud and SaaS environments. Attackers often use previously stolen passwords in credential-stuffing and brute-force attacks to gain access to sensitive accounts.
Proton emphasized that four out of five small and midsized enterprises have suffered a breach in the past year, with each incident potentially costing over one million dollars in recovery and operational downtime. The company warned that many of these breaches go undetected for weeks or even months, allowing attackers to pivot laterally within victim environments.
Recommended Security Measures
Security experts recommend that organizations strengthen identity management controls, deploy multi-factor authentication, and adopt continuous monitoring for leaked credentials. Proton’s observatory platform allows companies to check whether their data has been compromised and initiate password resets or remediation before malicious actors can exploit the information.
Proton researchers concluded that credential-based attacks will continue to rise as long as stolen data remains easily accessible on illicit forums. The company urged businesses to treat credential security as a foundational defense measure rather than a reactive response to data breaches.
