16 Billion Passwords Leaked in Largest Data Breach Ever
Cybersecurity analysts have assembled a collection of approximately 16 billion login credentials, including usernames and passwords, from 30 distinct datasets.
This discovery represents the largest known repository of stolen data and encompasses credentials tied to major services such as Apple, Google, Facebook, Telegram and more, according to findings from Cybernews and subsequent coverage by Forbes.
Chief among the researchers was Vilius Petkauskas of Cybernews, who led the team that uncovered the breach earlier this year. The datasets vary in size, from tens of millions to as many as 3.5 billion records per collection, and combine into the 16‑billion total noted in reports from Hindustan Times and Indian Express. Petkauskas told Hindustan Times the credentials are recent and were made accessible online for only a short period, suggesting they stem from fresh user theft rather than recycled old leaks.
Cybernews researchers explain that the data’s provenance points to “infostealer” malware, software that silently exfiltrates data from compromised devices, including browser‑stored credentials and logins for applications like messaging services, VPNs, developer tools, gaming platforms, and even government portals.
“This is not just a leak, it’s a blueprint for mass exploitation,” the team stated, warning that this trove offers “weaponizable intelligence at scale” for cybercriminals targeting identity theft, phishing, account takeovers, and ransomware.
A summary by Malwarebytes emphasized that the leak includes credentials for virtually every major online service: national portals, social media, email, financial platforms, VPNs, developer tools, and more. Given the volume, the majority of internet users are likely affected through reused or similar credentials.
Cybernews first detected the datasets in January 2025. According to Times of India, they had been made briefly accessible before disappearing, though not before they were downloaded and analyzed by the Cybernews team.
The FBI has issued advisories warning the public not to click suspicious links in unsolicited SMS messages, while Google has urged users to reset passwords immediately following the leak. Cybernews-based reporting mirrors this advice, stressing the importance of strong password hygiene in light of such an expansive threat.
Keeper Security co‑founder Darren Guccione spoke with Forbes, recommending password managers and dark‑web monitoring services to help individuals detect and manage compromised credentials.
Cybernews privacy guides advocate the use of two‑factor authentication (2FA), preferably hardware‑based FIDO2 methods, to guard against unauthorized access if a password is exposed. Users are also urged to refrain from password reuse and to consistently monitor account activity.
In mid‑May, security researcher Jeremiah Fowler flagged a 47 GB database containing over 184 million credentials, primarily from Apple, Facebook, Google, and government email accounts, on an unsecured server. That dataset was removed after discovery but underscored the prevalence of credential hoarding.
Since early 2024, researchers have tracked credential compilations numbering in the billions. The current 16‑billion collection, however, exceeds any previously known archive in both scale and recency.
What Should Users Do?
Here are the crucial steps to consider after the largest data breach in history:
- Change passwords on all major accounts immediately—especially if reused across platforms.
- Enable 2FA on email, financial accounts, social media, and cloud services.
- Use a reputable password manager to generate and store unique passwords.
- Monitor personal data available on the dark web via online scanning services.
- Ensure devices are protected with updated antimalware software to block infostealer threats.
Cybercrime experts caution that data of this size will likely fuel a wave of targeted phishing, account hijacking, identity theft, and potential ransomware attacks. They expect that further sets may surface in the coming months, given the ongoing activity of credential‑stealing malware.
Analysts agree that while large credential leaks are becoming more common, few match the scale or freshness of this 16‑billion trove. The response from users and service providers will be critical in determining whether the exposure translates into widespread exploitation or is mitigated in time.
Although the services themselves were not breached directly, this incident highlights how malware targeting end‑users can create one of the most severe data security incidents in history.
You should remain alert, apply robust security measures today, and consider using holder services to guard against future credential compromise.