In what experts are calling the largest data breach in history, nearly 16 billion login credentials have been leaked online, affecting user accounts linked to major tech platforms such as Google, Apple, Facebook, Telegram, GitHub, and even several government services.
The breach was uncovered by researchers at Cybernews and involves an extensive compilation of previously unseen datasets. According to lead investigator Vilius Petkauskas, the team identified over 30 individual datasets, each containing tens of millions to more than 3.5 billion records, culminating in a total of 16 billion compromised credentials.
“This goes far beyond a simple leak — it’s a roadmap for cybercriminal operations,” the researchers warned, emphasizing that the data consists largely of “fresh, actionable intelligence,” rather than recycled records from earlier breaches.
The exposed credentials include email addresses, usernames, and passwords, often organized in formats easily usable by hackers for phishing attacks, identity fraud, and large-scale account takeovers. Alarmingly, many of these records appear linked to active user accounts across various platforms, including VPNs, development tools, and government websites.
A Wake-Up Call for Cybersecurity
In response to the breach, cybersecurity firm Keeper Security stressed the need for stronger digital protection strategies. “This level of exposure presents a direct threat to users worldwide. It’s a serious breach that requires immediate action,” the company’s founders said.
The FBI has previously urged the public to avoid clicking suspicious links and adopt modern security protocols such as passkeys. Tech companies like Google have echoed these recommendations, advocating for a shift away from password-based systems.
Unparalleled in Scope and Impact
This breach surpasses previous records, including one just weeks ago that revealed 184 million passwords. Experts believe the stolen data was gathered through a coordinated operation involving multiple infostealers—malicious software programs that extract sensitive information from compromised devices.
Unlike older leaks, this dataset is described as “fresh and highly exploitable,” giving hackers the tools to launch automated attacks with alarming ease. The structure of the data includes source URLs followed by usernames and passwords, making it ideal for immediate misuse.
How to Protect Yourself
Cybersecurity experts recommend that users take the following steps without delay:
- Change passwords on all online accounts, especially those reusing the same password.
- Enable two-factor authentication (2FA) wherever possible.
- Use a reputable password manager to generate and store complex, unique passwords.
- Monitor accounts closely for unusual activity or unauthorized login attempts.
- Check if your data has been exposed using platforms like Have I Been Pwned or Cybernews’ Leaked Credential Checker.
As digital threats grow more sophisticated, experts stress the importance of proactive measures and global vigilance.
“This isn’t just about personal privacy — it’s about the security of entire digital infrastructures,” said Petkauskas. “The threat is immediate, the data is real, and swift action is essential.”
