Company Check : New High-Speed Hybrid AI Law Firm

A new AI-powered legal startup backed by Sequoia Capital is rewriting how contracts are reviewed, by building a law firm around the software itself.

Lawyers Using AI To Deliver Services To Clients

Most legal tech startups position themselves as tools for traditional firms to use. It seems, however, that Crosby has taken a radically different approach. Rather than offering AI software to outside lawyers, Crosby has built its own law firm, staffed with lawyers who use its proprietary legal AI systems to deliver services directly to clients.

Launched in early 2025 and already out of stealth with a $5.8 million seed round led by Sequoia Capital, Crosby is a hybrid legal provider combining full legal oversight with rapid AI-powered contract processing. In doing so, it positions itself not just as a legal technology provider, but as a legal services business with a completely different operating model.

“Our goal was never to just automate tasks for law firms,” said Ryan Daniels, Crosby’s co-founder and CEO, in a launch statement. “To really fix how slow legal work is, we had to control the entire process—so we became the law firm ourselves.”

Built for Speed, Designed for Growth

The problem Crosby says it set out to solve is a familiar one in fast-moving industries: contract delays.

Daniels, who previously served as general counsel for several startups and worked at elite tech law firm Cooley, experienced the issue first-hand. “Most of the time I was spending on legal was for our contracts, sales agreements, MSAs,” he said. “It was the reason we weren’t growing as fast as we wanted to.”

Agentic

Crosby’s solution is what it calls an “agentic” law firm using a “hybrid” model where every contract is reviewed by proprietary AI agents, then verified by experienced lawyers. This human-in-the-loop setup enables clients to get back a reviewed contract within three hours, with many returned in under 60 minutes. Daniels claims the company’s fastest reviews take just minutes.

High-Volume, Sales-Related Agreements

The startup focuses on high-volume, sales-related agreements such as master service agreements (MSAs), data processing agreements (DPAs), and non-disclosure agreements (NDAs). This is because these are the kind of documents that tend to clog deal pipelines for sales teams in growing firms. Crosby’s promise is, therefore, to get contracts reviewed quickly and accurately, so deals close faster.

Who’s Behind Crosby?

Crosby was founded by Daniels and John Sarihan, who serves as CTO. Sarihan previously worked at Ramp, a fintech unicorn, and brought with him engineering talent from companies like Meta, Google, and Vanta. Daniels, a second-generation lawyer whose parents are both law professors, focused on building the legal team, which includes alumni from Harvard, Stanford, and Columbia Law.

The company is headquartered in New York and operates as both a legal technology company and a law firm. Formally, Crosby Legal, Inc. provides the technology, while Crosby Legal PLLC is the law firm offering legal services.

Their Sequoia-led funding round also included participation from Bain Capital Ventures and notable angel investors such as Ramp co-founders Eric Glyman and Karim Atiyeh, Instacart co-founder Max Mullen, Opendoor’s Eric Wu, and Flatiron Health founders Zach Weinberg and Gil Shklarski.

Josephine Chen from Sequoia, who previously backed AI procurement startup Venue (later acquired by Ramp), led the deal. “Legal is a bull’s-eye case for the use of LLMs,” she said. “Contract negotiations can be a real bottleneck for growth.”

AI Meets Legal Expertise

Crosby’s approach blends the rapid processing power of AI with legal precision. For example, clients can send documents or queries via Slack, email, or through a CRM trigger. The system’s legal AI agents, trained on thousands of contracts and guided by firm-developed benchmarks, then analyse the documents, make suggestions, and insert relevant market terms.

Lawyers then step in to review, interpret tricky clauses, and validate any automated changes. The final contract is returned to the client with a fixed price tag (no hourly billing), and no redline confusion (no back-and-forth edits on contracts). “AI never sleeps,” says the firm’s website. “Crosby never gets backlogged.”

Learns About Clients’ Businesses

Crosby’s AI systems are also designed to learn each client’s business over time. This includes storing preferences, preferred clause variations, and common fallback terms. The company claims its software can answer routine contract questions without client input once it’s sufficiently trained.

Targeting Startups That Need to Move Fast

So far, Crosby appears to have aimed its services at venture-backed startups, particularly those with aggressive go-to-market (GTM) strategies. Early clients include Cursor, UnifyGTM, and Clay, all startups known for rapid growth and high sales velocity.

By focusing on sales contracts and offering legal reviews as fast as the sales cycle itself, Crosby is positioning itself as a growth enabler rather than just a legal resource. GTM teams reportedly call it a “secret weapon” for getting contracts over the line.

Crosby’s upfront pricing is also designed to appeal to startups used to controlling costs. For example, clients pay per document, not per hour, which is a sharp contrast with traditional legal billing models.

Why This Matters for the Legal Industry

Crosby’s emergence poses direct questions to the traditional legal services model. For example, most law firms are structured around bespoke work, hourly billing, and long timelines. By contrast, Crosby is productising contract review, treating it as a repeatable, scalable service.

Not The First Legal Firm To Apply AI

It’s worth noting here that Crosby is not the first to apply AI to legal work. For example, companies like Harvey (which recently raised $80m), Ironclad, and Spellbook are building AI tools to support lawyers. However, Crosby is unusual in that it delivers end-to-end legal service directly to clients, with its own regulated legal team and a law firm structure.

This allows Crosby to sidestep law firm conservatism and scale more like a tech startup. “We didn’t want to wait for firms to catch up,” Daniels said. “We wanted to prove it could be done.”

Potential Risks and Criticisms

Crosby’s model is not without its critics. Legal work carries significant liability, and while its lawyers remain in the loop, the firm must prove that its AI systems are reliable, auditable, and ethically sound. The startup says all outputs are lawyer-reviewed, but how clients interpret that balance between machine and human may vary.

There’s also the regulatory question. In most US states, legal services must be delivered by licensed professionals. Crosby’s dual-entity structure is designed to comply with those rules, but regulatory scrutiny may increase as it scales.

UK firms will also need to watch this space closely. For example, while firms like Allen & Overy and Mishcon de Reya are experimenting with AI copilots, none have yet adopted a Crosby-style hybrid structure. If Crosby proves successful in the US, it may set a precedent for how AI-led legal services could evolve in other jurisdictions.

Are There Any Competitors Doing the Same?

There are firms inching toward similar models. Atrium (now defunct) once tried to integrate software with legal service delivery, though without the speed or AI emphasis Crosby offers. More recently, firms like Lawtrades and Axiom Legal blend tech-enabled platforms with lawyer marketplaces, but again, they stop short of Crosby’s embedded, AI-first, regulated law firm model.

In the UK, companies like Luminance and Robin AI provide AI tools to assist legal teams but do not operate as regulated firms themselves. Crosby’s core differentiator is that it is both the software company and the law firm, acting as one unified entity with aligned incentives to deliver speed and accuracy at scale.

What Does This Mean For Your Business?

For law firms, Crosby represents a direct challenge to long-established business models built around hourly billing and drawn-out negotiations. Its hybrid setup shows that legal services can be fast, fixed-price, and scalable, without sacrificing human oversight. If the model proves durable, it could force traditional firms to rethink both their pricing structures and the level of tech integration in their workflows.

For UK businesses, the implications could be equally significant. If models like Crosby’s reach the UK market, startups and scaleups would most likely be able to close deals more quickly, reduce legal overheads, and compete more effectively. The demand for faster legal execution is not limited to Silicon Valley. UK firms under pressure to accelerate growth and reduce friction in sales cycles may soon expect legal services to move at the same pace as their CRM or procurement systems. Legal firms serving these clients will need to respond accordingly.

Regulators and legal educators may also come under pressure to modernise. Crosby’s model blurs the line between legal practitioner and product developer. That raises questions not just about compliance, but also about professional training, ethical oversight, and the future identity of the legal profession. As AI models evolve, the challenge will be to strike a balance between innovation and accountability.

The legal industry has long been insulated from the kind of disruption seen in finance or logistics. Crosby’s approach suggests that insulation may be starting to wear thin. Whether it becomes the norm or remains an outlier, it has already expanded the conversation around what legal services can look like, and who is best placed to deliver them.

Security Stop Press : Psst Launches Secure Reporting Tool for Tech Whistleblowers

A new platform called Psst has launched to help tech and government workers report wrongdoing anonymously and securely.

Users submit encrypted text-only reports into a “digital safe” at www.psst.org. These stay locked unless others report similar issues, helping protect identities and reveal patterns of misconduct.

Only Psst’s legal team can access matched reports, ensuring legal privilege and shielding whistleblowers from retaliation.

The tool avoids uploads to reduce traceability and plans to automate matching using secure hardware enclaves.

Psst arrives amid growing concern that insiders fear speaking out on security, safety and ethics—especially in fast-moving tech sectors.

Businesses should review their own reporting systems and ensure staff can raise concerns safely and confidentially.

Sustainability-In-Tech : First Artificial Eclipse Made Using Satellites

A pioneering European mission has successfully engineered an artificial total eclipse in orbit, unlocking new insights into the Sun’s outer atmosphere and showcasing precision spaceflight powered by sustainable innovation.

World-First

In a world-first achievement for orbital science, the European Space Agency (ESA) has unveiled the first results from its ambitious Proba‑3 mission to create a controlled, artificial total solar eclipse in space. The breakthrough offers an unprecedented look at the Sun’s superheated outer atmosphere (the corona) while also demonstrating the practical viability of precision formation-flying spacecraft, a key enabler for sustainable and scalable space missions of the future.

How?

Proba‑3, launched on 5 December 2024 aboard a PSLV-XL rocket from India’s Satish Dhawan Space Centre, is made up of two satellites flying 150 metres apart in Earth orbit. One of the spacecraft, dubbed the Occulter, carries a 1.4-metre disc designed to block the bright central disc of the Sun, thereby mimicking the effect of the Moon during a total solar eclipse. The other, the Coronagraph, holds a specialised optical instrument called ASPIICS, built to observe the faint corona that surrounds the Sun.

“We can create our eclipse once every 19.6-hour orbit,” explained Andrei Zhukov, Principal Investigator for ASPIICS at the Royal Observatory of Belgium. “Unlike natural eclipses, which happen at most a couple of times a year and only last a few minutes, we can hold our eclipse for up to six hours.”

Why?

The Sun’s corona is a region of superheated gases that unexpectedly reach temperatures above one million degrees Celsius, which is far hotter than the visible surface of the Sun itself. This apparent paradox has puzzled scientists for decades and holds key information about solar weather, particularly the origins of powerful coronal mass ejections (CMEs) and solar winds.

These solar outbursts can create dramatic auroras but also cause serious disruption to power grids, communications, navigation systems and satellites on Earth. For example, in May 2024, a strong solar storm caused blackouts and temporarily disabled GPS in several regions. Understanding how and why these solar events happen has, therefore, become not just a matter of scientific curiosity, but one of economic and infrastructure resilience.

The Proba-3 mission was designed precisely to address this knowledge gap, by allowing scientists to observe the corona much more frequently, and in greater detail, than has ever been possible before.

The Technology

The technical achievement behind Proba-3 is pretty remarkable. For example, to maintain their alignment while orbiting Earth at speeds of around 1 kilometre per second, the two satellites must remain synchronised to within just a few millimetres. Doing so without continuous input from ground control relies on a suite of advanced guidance, navigation, and control technologies, many of which were developed by European startups and SMEs.

From Different Countries

Dutch company Lens R&D, a graduate of ESA’s Business Incubation Centre, developed the high-precision Sun-tracking sensors which allow the spacecraft to detect minute changes in the Sun’s position, essential for staying locked in alignment. Irish firm Onsemi (formerly SensL) supplied silicon photomultipliers, i.e., the extremely sensitive light detectors that monitor the shifting shadow of the Occulter on the Coronagraph to fine-tune positioning.

Also, software from Polish firm N7 Mobile, which transitioned from consumer app development to embedded systems, handles the formation control logic. This software suite coordinates the orbital choreography required to maintain the artificial eclipse while minimising reliance on ground-based commands.

“Although we are still in the commissioning phase, we have already achieved precise formation flying with unprecedented accuracy,” said Damien Galano, ESA’s Proba-3 mission manager. “This is what allowed us to capture the mission’s first images, which will no doubt be of high value to the scientific community.”

What the Images Show

The ASPIICS instrument (short for Association of Spacecraft for Polarimetric and Imaging Investigation of the Corona of the Sun) was built by an industrial consortium led by the Centre Spatial de Liège in Belgium. Its design reduces the amount of stray light reaching the detector by keeping the Occulter spacecraft well ahead of the Coronagraph, something that’s physically impossible with ground-based or single-satellite coronagraphs.

The very first images processed by the ASPIICS Science Operations Centre in Belgium show the ghostly, intricate structures of the corona stretching outward from the Sun’s surface. The images are composites, created by combining multiple exposures of varying lengths to capture both faint outer loops and brighter inner details.

“The difference between these and traditional eclipse images is striking,” noted ESA project scientist Joe Zender. “ASPIICS sees deeper into the corona and for much longer periods than we ever could from Earth.”

A second instrument onboard Proba-3, the Digital Absolute Radiometer (DARA), will measure the total solar irradiance, which is essentially the power output of the Sun over time. This could contribute to long-term climate modelling, space weather forecasting, and understanding solar variability.

A third device, the 3D Energetic Electron Spectrometer (3DEES), will monitor high-energy electrons in Earth’s radiation belts, which pose risks to satellites and astronauts.

Milestone in Sustainable Engineering

Beyond scientific discovery, Proba-3 is also being hailed as a milestone in sustainable space engineering. For example, by proving that precision formation flying is feasible with minimal intervention, the mission sets a precedent for future multi-satellite missions that could reduce launch mass, hardware duplication, and overall system complexity.

According to Dietmar Pilz, ESA Director of Technology, Engineering and Quality: “Many of the technologies which allowed Proba-3 to perform precise formation flying have been developed through ESA’s General Support Technology Programme, as has the mission itself. It is exciting to see these stunning images validate our technologies in what is now the world’s first precision formation flying mission.”

Formation flying has long been viewed as a promising approach to improving the modularity and upgradeability of space systems. Instead of building one large satellite to perform multiple tasks, smaller, specialised satellites can fly together in tandem, each optimised for a particular role, and coordinated by autonomous onboard software.

It’s thought this approach could dramatically reduce launch costs, simplify end-of-life decommissioning, and even allow future satellites to replace individual modules of larger systems without scrapping the whole assembly. These efficiencies all contribute to reducing the environmental impact of space operations, both in terms of material use and space debris.

Valuable For Predictive Modelling

For solar physicists, Proba-3’s ability to generate high-quality coronal data on demand opens new avenues for predictive modelling. Early observations have already fed into the development of more accurate computer models, such as ESA’s COCONUT (COroNal simUlaTion) software at KU Leuven in Belgium, which can now be adjusted using real, high-resolution data instead of extrapolated estimates.

“These observations will help refine our simulations of solar behaviour and improve our ability to forecast disruptive events,” said Jorge Amaya, ESA’s Space Weather Modelling Coordinator. “This ultimately helps industries and governments better prepare for the impact of solar activity.”

Showcases Space Tech Capability

For European space tech businesses, Proba-3 could also be seen as a showcase of regional capability. More than 40 companies from 14 countries contributed to the mission, with key roles played by Sener (Spain), GMV, Airbus Defence and Space, Redwire Space and Spacebel (Belgium). Their collaboration underscores Europe’s growing leadership in cutting-edge satellite technologies and fosters new opportunities in the global space market.

Helping Protect The Earth

For Earth itself, the implications are longer-term but just as vital. For example, better understanding the Sun means better protecting Earth’s climate, infrastructure, and communication systems from space weather threats, a growing concern in an increasingly digital and satellite-reliant world.

What Does This Mean For Your Organisation?

That same need for resilience is being felt across industries, including here in the UK. As sectors from energy to aviation to telecoms become increasingly dependent on satellites and GPS systems, the ability to monitor and predict solar weather is moving from scientific interest to operational necessity. A better understanding of solar dynamics could allow UK businesses to put stronger safeguards in place, from data backup protocols to grid protection strategies. For infrastructure operators, insurers, and digital service providers alike, that foresight could prove invaluable.

The engineering and innovation model behind Proba-3 also carries lessons for future sustainability-focused projects. For example, the involvement of multiple smaller European firms, including several startups, highlights a decentralised and collaborative approach that appears to have delivered advanced results without relying on single-use mega-systems. It’s a structure that supports technical excellence, local supply chains, and long-term adaptability. In the UK, where the space sector is looking to expand its global footprint while meeting environmental goals, this kind of scalable, formation-based architecture could be a defining direction.

For researchers, the mission offers more than just data. It demonstrates that high-risk, high-precision science is still possible with tight constraints and sustainable principles in mind. By proving that a six-hour solar eclipse can be recreated on demand from orbit, Proba-3 has not only opened a new window into solar physics, but it has also set a benchmark for how future missions might balance ambition with responsibility.

Video Update : How To Get Ready For The AI Shopping Revolution

This video shows how you can make sure that your website is optimised for SEO and that all your products and services will have the highest likelihood of being indexed and found properly, all with a few clicks of some buttons and some handy prompts!


Tech Tip – Turn WhatsApp Voice Messages into Text with Transcription

Need to check a voice note during a meeting or just prefer reading over listening? WhatsApp now lets you transcribe voice messages into text in just a few taps.

How to:

– Go to ‘Settings > Chats > Voice message transcripts’ in WhatsApp.
– Choose your preferred language (e.g. English).
– Then, in any chat, tap and hold the voice message.
– Select ‘Transcribe’ when the option appears.

What it’s for:

Ideal for catching up on messages when you can’t play audio out loud — or for double-checking long or unclear voice notes.

Pro‑Tip: Transcription works offline and on-device for privacy — but always scan the text for errors before forwarding or quoting.

Featured Article : Historic Global Leak : 16 Billion Logins Exposed

A massive trove of stolen usernames and passwords totalling 16 billion records has been discovered across 30 newly uncovered databases, revealing one of the largest and most dangerous credential breaches ever recorded.

Two Login Credentials for Every Person on Earth

Security researchers at Cybernews have uncovered an unprecedented cache of login data scattered across unsecured web databases. These exposed collections, some open to the internet only briefly, were mostly hosted on misconfigured Elasticsearch instances or cloud object storage services, making them accessible without authentication.

All but one of the 30 datasets involved in the breach had not been reported previously. Combined, they include roughly two login credentials for every person on Earth!

A Blueprint For Mass Exploitation

“This is not just a leak – it’s a blueprint for mass exploitation,” said the Cybernews team, who have been tracking the breach since early 2024. “The structure and recency of these datasets make them particularly dangerous.”

From Apple, Google, Facebook, and More

While large-scale data breaches have become disturbingly common, this incident stands out for the freshness of the data and the scope of what’s included. For example, Cybernews has reported that the breach includes login credentials drawn from a huge range of services including Apple, Google, Facebook, GitHub, Telegram, VPNs, and even government portals.

More Than Just Usernames and Passwords

The datasets primarily consist of credentials stolen by infostealers, i.e. a type of malicious software designed to extract sensitive information from infected computers. Once installed (often via phishing emails, fake software updates, or pirated software), infostealers scan the victim’s device for stored logins, cookies, authentication tokens, and autofill data. These details are then quietly sent back to attackers’ servers.

In most cases, Cybernews reports that the stolen data is structured in a familiar format, i.e. the website URL, the username or email address, and the associated password. Some records are reported to include extra metadata, such as session cookies or two-factor authentication tokens, which can significantly aid attackers in bypassing security protections.

Cybernews estimates that some overlap exists between datasets, but even conservative estimates suggest billions of distinct login records are involved. The largest single collection, linked to a Portuguese-speaking population, holds over 3.5 billion records. Others are named generically (such as “logins” or “credentials”) while some reference specific services like Telegram or locations such as the Russian Federation.

Who’s Behind It and Who’s Affected?

It appears that the origin of these leaked datasets remains murky. Although some may have been compiled by cybercriminals intent on launching mass-scale phishing or credential stuffing attacks, others could belong to grey-hat researchers, aggregating leaked data for academic or threat intelligence purposes. However, it should be noted that the absence of clear attribution makes them no less dangerous.

Cybersecurity experts have warned that even if only a fraction of the 16 billion records are actively exploited, the consequences could be severe. Identity theft, business email compromise (BEC), unauthorised access to cloud services, ransomware attacks, and financial fraud are all plausible next steps.

A significant concern is that many users still reuse the same password across multiple sites (known as ‘password reuse’). Attackers often employ credential stuffing, a tactic that involves testing stolen username/password pairs against a wide range of sites, hoping users have reused credentials elsewhere.

The impact is unlikely to be limited to individual consumers. Businesses, particularly those lacking multi-factor authentication (MFA) or modern password management protocols, are at risk of full-scale account takeovers. These in turn could lead to data theft, service disruption, or reputational damage.

What Tech Companies and Security Experts Are Saying

So far, most affected companies have not issued individual statements, probably because the breach is not tied to a specific platform or service – the leak is an aggregation of credentials siphoned off via malware over time.

However, the Cybernews team and other researchers have voiced serious concern. “Credential leaks at this scale are fuel for phishing campaigns, ransomware intrusions, and business email compromise,” the team said in its public briefing. “The inclusion of both old and recent infostealer logs – often with tokens, cookies, and metadata – makes this data particularly dangerous for organisations lacking multi-factor authentication or credential hygiene practices.”

Security vendor Malwarebytes described the incident as “a wake-up call” for both users and companies. “This is a stark reminder that infostealer malware remains an enormous threat and that misconfigured cloud services continue to expose sensitive data at scale.”

More of a ‘Combolist’

Some experts have cautioned against treating the breach as a single event, noting that it is better understood as a massive combolist, i.e., a curated aggregation of multiple smaller leaks. Even so, the potential for harm remains high.

Why This Breach Is Different and What Comes Next

Unlike older breaches which often contain outdated or previously exposed data, these records are mostly new. Only one of the 30 datasets had been reported before (a 184 million-entry trove covered by Wired in May). The rest have emerged only recently, some in the last few weeks, suggesting that infostealer activity is ongoing and highly active.

Not Indexed Yet

Compounding the risk at the moment (it’s still early days since the discovery) is the lack of visibility. Many of the exposed credentials have not yet been indexed by breach monitoring services or browser alert systems, meaning users aren’t being automatically notified if their details are among those leaked.

Also, because the databases were reportedly only briefly exposed, researchers say they could not determine who held or uploaded the data, nor whether it has already been downloaded or traded on criminal forums.

What Should Users and Businesses Do Now?

For individual users, the recommendations are fairly straightforward but urgent, and they probably echo most of the points of good security practice around breaches. For example:

– Immediately change passwords on any accounts using duplicated or weak credentials.

– Use a password manager to generate and store complex, unique passwords for every service.

– Enable multi-factor authentication (MFA) wherever possible.

– Monitor for phishing emails or unusual account activity, especially logins from unfamiliar locations or devices.

– Run antivirus and anti-malware tools to scan for potential infostealers on your system.

For businesses, the stakes are higher. Implementing stronger access controls, requiring MFA across all services, and deploying endpoint detection tools are worthwhile steps. Regular audits of privileged access accounts, secure cloud configurations, and employee training on phishing threats are also essential.

Experts also recommend checking employee and corporate credentials against breach monitoring services such as Have I Been Pwned or Cybernews’ Leaked Database Checker.
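As an added illustration (not code from the article, Cybernews or Have I Been Pwned), the sketch below shows how a business can check passwords against Have I Been Pwned's Pwned Passwords range endpoint without ever sending the password or its full hash: only the first five characters of the SHA-1 digest leave the machine. The function names, sample passwords and the offline stand-in for the service are constructed for this example.

```python
from __future__ import annotations

import hashlib
import urllib.request

# Pwned Passwords k-anonymity endpoint: GET <RANGE_URL><first 5 hex chars of SHA-1>
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_body(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines from a range response.

    Malformed lines are skipped, and so are padding entries (count 0), which
    the service adds when the Add-Padding header is sent.
    """
    counts: dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.isdigit():
            continue
        if int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts


def fetch_range(prefix: str, timeout: float = 10.0) -> str:
    """Query the live service. Only the 5-character prefix is transmitted."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "credential-hygiene-check"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, fetch=fetch_range) -> int:
    """Times the password appears in known breaches (0 if not found)."""
    prefix, suffix = split_hash(password)
    # The suffix comparison happens locally, so the service never learns
    # which of the returned hashes (if any) was the one being checked.
    return parse_range_body(fetch(prefix)).get(suffix, 0)


def audit(candidates: dict[str, str], fetch=fetch_range) -> dict[str, int]:
    """Map account label -> breach count for flagged passwords only.

    The result never contains a password, so it is safe to log or ticket.
    """
    flagged: dict[str, int] = {}
    for label, password in candidates.items():
        hits = breach_count(password, fetch)
        if hits:
            flagged[label] = hits
    return flagged


def make_offline_fetch(known: dict[str, int]):
    """Constructed stand-in for the remote service, so the example runs offline."""
    table: dict[str, list[str]] = {}
    for password, hits in known.items():
        prefix, suffix = split_hash(password)
        table.setdefault(prefix, []).append(f"{suffix}:{hits}")

    def fetch(prefix: str) -> str:
        # Every response carries one padding entry, as the real service may.
        return "\r\n".join(table.get(prefix, []) + ["0" * 35 + ":0"])

    return fetch


if __name__ == "__main__":
    # Constructed sample data: two "breached" passwords and their counts.
    offline = make_offline_fetch({"Summer2024!": 1200, "letmein": 50000})
    staff = {"alice": "letmein", "bob": "x9#unique-long-passphrase"}
    for label, hits in audit(staff, offline).items():
        print(f"{label}: password seen {hits} times in breach data, force a reset")
```

The natural place to call `breach_count` is when a password is set or changed, rejecting any value with a non-zero count.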

Could Big Tech Be Doing More?

Looking at where many of these stolen credentials came from, it’s perhaps not surprising that there is growing pressure on tech platforms to go beyond offering MFA as an optional feature. Some experts are calling for default-on MFA policies, improved session token management, and better user alerts for credential misuse. Others suggest that browser makers could more aggressively warn users about unsafe passwords, even when stored locally.

Cloud service providers also face scrutiny. For example, misconfigured storage services remain a recurring source of data exposure, and security researchers have long warned that businesses often fail to understand the shared responsibility model of cloud hosting, which places the burden of securing customer data squarely on the organisation using the service, not the cloud provider itself.

Combined for Weaponisation

This breach essentially demonstrates how aggregated, seemingly disparate data leaks can combine to form a vast, weaponisable archive of credentials. Also, without rapid, coordinated responses from users, businesses, and tech providers alike, the consequences may stretch far beyond compromised passwords.

What Does This Mean For Your Business?

The sheer scale and structure of this breach underline how fragile the global system of digital identity has become. With 16 billion credentials exposed, many of them recent, unrecycled, and complete with cookies and tokens, the barrier to entry for cybercriminals appears to have been lowered dramatically. This isn’t just an escalation in volume, it’s a shift in the quality and usability of stolen data. For attackers, this is a ready-made toolkit for highly convincing phishing, large-scale account takeover attempts, and social engineering operations that could target everyone from individual users to senior staff within high-profile organisations.

For UK businesses, the risks are not theoretical. Any organisation with staff using shared or recycled passwords, without enforced multi-factor authentication, could find themselves an easy target. For example, compromised employee accounts can quickly open doors to sensitive systems, intellectual property, financial accounts or customer data. The consequences are likely to include financial loss, regulatory penalties, and long-term reputational damage. This is especially pressing for sectors handling critical infrastructure or customer data, such as healthcare, education, local government and law firms.

The fact that so many of the datasets were discovered in misconfigured online storage shows how easily even vast amounts of sensitive information can be left vulnerable. This again raises questions about internal security practices, not just among cybercriminals, but among businesses and developers failing to properly secure cloud environments. As more breaches emerge from poor cloud hygiene, regulators may well move to demand greater accountability and oversight from cloud service providers and their clients.

For security professionals and digital privacy advocates, this breach reinforces the need to accelerate the move away from passwords altogether. Passkey adoption, hardware-based authentication, and biometric alternatives are already gaining traction, but the pace remains slow. Meanwhile, tools such as credential stuffing bots and AI-enhanced phishing make password-only systems increasingly outdated and risky.

The discovery also points to a deeper issue around breach notification and public awareness. Because these credentials were collected silently through infostealers and surfaced only when aggregated by researchers, the victims (both users and the platforms their data was stolen from) may have no idea they were compromised. With no clear breach event to attribute, many companies are, therefore, unlikely to report or even detect the loss. This leaves users exposed and unprepared, and it puts the onus on breach checkers and independent researchers to close the gap.

This incident serves as a stark reminder that security needs to be proactive, not reactive. Businesses should no longer view breaches as isolated events but as part of an ongoing data extraction economy that thrives on delay, misconfiguration and user complacency. Whether you’re a multinational tech firm, a regional employer, or an individual internet user, the threat landscape has shifted again and this time, the scale is difficult to ignore.

Each week we bring you the latest tech news and tips that may relate to your business, re-written in a techy-free style.
