Privacy-focused tech company Proton has discovered a massive trove of compromised user data on the dark web, exposing growing cyber risks for individuals and businesses alike.
Quick Summary – TLDR:
- Proton’s new tool uncovered 300 million exposed credentials circulating on dark web forums.
- 49 percent of the records included passwords, increasing the risk of identity theft and fraud.
- Recent data breaches affected major firms like Qantas, Allianz Life, and Tracelo.
- Small businesses are disproportionately impacted, with 4 in 5 hit by data breaches.
What Happened?
Proton, the Swiss-based internet privacy company known for tools like Proton Mail and Proton VPN, has revealed that 300 million login credentials are actively circulating on dark web cybercrime markets. This discovery comes from their new Data Breach Observatory, a tool designed to monitor underground forums and marketplaces in real time. The findings shed light on a rapidly growing security threat affecting companies and individuals across the globe.
Proton Data Breach Observatory Uncovers 300M Stolen Credentials On Dark Web In 2025, 49% With Passwords — Forbes
— The Open Source Press (@theospress) November 1, 2025
Proton’s Dark Web Surveillance Reveals the Scale
Instead of waiting for businesses to disclose breaches, Proton is going straight to the source. Their Data Breach Observatory scans dark web forums where cybercriminals trade stolen data. The tool provides early detection of data breaches, giving businesses a chance to act before widespread damage occurs.
Proton reported that the 300 million exposed records do not include duplicate or aggregated data from older leaks. Nearly 49 percent of the credentials contain passwords, and 71 percent of the affected organizations are small or medium-sized businesses (SMBs). That combination creates an extremely high risk of account takeovers, identity theft, and fraud.
The Real-World Impact of Stolen Data
The leaked credentials include names, email addresses, phone numbers, home addresses, and dates of birth. In more severe cases, banking information, IBAN numbers, and social security numbers were also compromised. This blend of sensitive data gives criminals everything they need to execute sophisticated financial scams and impersonation attacks.
Recent High-Profile Breaches Identified by Proton
Proton’s research uncovered recent major data breaches, including:
- Qantas Airways (Australia): 11.8 million records exposed in October 2025.
- Allianz Life (Germany): More than 1 million records compromised in September.
- Tracelo (USA): 1.4 million records leaked.
- Free (France): Over 19 million customer records breached earlier in 2025.
- SkilloVilla (India): 33 million records compromised.
These incidents affected sectors ranging from telecom and tech to finance and education, showing just how widespread and indiscriminate these attacks have become.
Why Passwords Still Matter?
Despite ongoing pushes toward passwordless systems by companies like Google and WhatsApp, passwords remain a primary security layer. According to Proton, password reuse and weak security practices are still rampant, making it easy for attackers to gain access to multiple accounts using a single leaked password.
Experts recommend:
- Using password managers to generate and store strong, unique passwords.
- Enabling multi-factor authentication on all accounts.
- Regularly checking for compromised credentials through breach monitoring services.
Proton’s observatory provides both businesses and individuals a way to check if their credentials are at risk and what action to take.
SQ Magazine Takeaway
I think Proton’s move to monitor the dark web directly is a game changer. Too often we wait for companies to report breaches that already happened. With this kind of early warning system, it gives us a fighting chance to stay ahead of cybercriminals. But let’s be real, the fact that 300 million credentials are out there is terrifying. We need to stop treating strong passwords and two-factor authentication as optional. If you haven’t checked whether your accounts were compromised, now’s the time. The dark web doesn’t sleep, and neither should your cybersecurity habits.
