May 27, 05:20 AM

Over 184 Million Passwords Leaked in Lumma Malware Attack; Operation Endgame Seizes 300 Servers, Indicts 20

A large-scale cyberattack has resulted in the leak of over 184 million passwords and sensitive information linked to major social media and technology platforms, including Google, Microsoft, Facebook, Instagram, and Snapchat. The exposed data also involves accounts connected to various government entities and platforms related to banking and healthcare. The breach is believed to have been facilitated by the Lumma infostealer malware, which targeted nearly 394,000 Windows computers between March and May 2025 to steal personal and financial data. In response, international law enforcement agencies, supported by technology companies such as Google, Amazon, Intel, ESET, and Proofpoint, have dismantled the infrastructure behind the Lumma malware and the DanaBot malware, which had infected approximately 300,000 computers. These coordinated operations, known as Operation Endgame, led to the seizure of 300 servers, the takedown of 650 domains, and the criminal indictment of 20 individuals involved in cybercrime activities. Additionally, an Iranian national pleaded guilty for his role in a ransomware and extortion scheme involving the Robbinhood ransomware, which caused over $19 million in damages to Baltimore in 2019.