This week, about 6 million entries were published on the Tor forum called Cebulka, which were supposed to contain Polish users' login details for the most popular portals.
How were the passwords stolen? There is a probability that they were downloaded from users by means of malware, so-called "stealer". Once infected, it downloads all the passwords on the victim's computer and sends them to the creators. Additionally, it is quite likely that the database is very up to date. It can be concluded that it has data even from 2023, and the number of victims is estimated at over 100,000 victims.
Example domains and number of items:
facebook.com: 119 334
allegro.pl: 88 282
.gov.pl: 44 385
Poczta.onet.pl: 28 747
Poczta.wp.pl: 12 056
x-kom.pl: 10 761
online.mbank.pl: 10 140
Some time ago, there was a bank customer data leak. As a consequence, banks blocked the possibility of paying by card for a limited period of time. It is possible that these events are related.