Proton Flags 300 Million Stolen Login Details on Dark Web, Sparks Global Security Alarm

Proton’s Data Breach Observatory Reveals Massive Surge in Stolen Login Credentials

The privacy-focused technology company Proton has sounded the alarm on a dramatic escalation in global data breaches, reporting that more than 300 million login credentials have surfaced on the dark web so far in 2025. This revelation stems from Proton’s new Data Breach Observatory, which actively monitors cybercriminal forums and underground marketplaces in real time, aiming to alert businesses and individuals to breaches often before they become publicly known.

Proton’s analysis, conducted in partnership with Constella Intelligence, has linked these stolen credentials to nearly 800 separate breach incidents this year alone. When aggregated datasets are included, the number of incidents jumps to over 1,500, with the volume of records reaching into the hundreds of billions. This scale highlights an alarming trend: cybercriminals are increasingly targeting both large corporations and small-to-medium businesses (SMBs), with companies employing 10–249 people accounting for nearly half of all recorded breach incidents. Those with fewer than 10 employees comprised a further 23%, demonstrating that no organization is immune from these threats. 

Industries and Personal Data Most at Risk: Proton Data Breach Observatory

Retail and wholesale trade sectors have been the most frequently targeted, accounting for 25% of breaches, followed by technology providers (15%) and media/entertainment (11%). The most commonly exposed data includes email addresses (present in 100% of exposures), names (90%), contact information such as phone numbers and physical addresses (72%), passwords (49%), and sensitive records like government or health information (34%). These exposures raise grave concerns about the risk of identity theft, financial fraud, and broader privacy violations.

Security experts and privacy advocates are expressing serious concern about the scope of these breaches, especially given the potential for rapid exploitation by cybercriminals. Businesses and consumers alike are feeling heightened anxiety, particularly in regions like Europe and Asia, where affected industries have a strong presence.

“If your credentials are compromised, receiving timely alerts is essential to secure your accounts, prevent identity theft, and minimize financial losses.” — Eamonn Maguire, Proton Director of Engineering, AI & ML

Proton’s Early Warning System: A Critical Step Forward

Proton’s Data Breach Observatory leverages a combination of automated tools, curated data feeds, and human analysts to continuously monitor dark web registries where breached data is traded. This proactive approach not only provides early warning signs for businesses—sometimes before the affected company itself becomes aware of the breach—but also empowers individuals to act quickly to safeguard their digital identities.

The initiative is drawing praise from cybersecurity professionals, who see it as a pivotal move to combat the growing tide of unreported and underreported cyber incidents. With the Observatory, Proton aims to raise public awareness and equip both organizations and individuals with actionable intelligence to mitigate the fallout from serious breaches.

Join the Conversation

Stay updated and discuss the latest in cybersecurity—join our WhatsApp group WireUnwired Research or connect with experts on our LinkedIn community WireUnwired Research.