
Breaking News: Historic Password Leak Exposes 16 Billion Login Credentials

A recent report has confirmed that one of the largest password leaks in internet history has occurred, with over 16 billion login credentials stolen. According to Cybernews and Forbes, this massive data breach has put global digital security at risk and exposes the affected accounts to phishing and account takeover attempts.

16 Billion Login Credentials Stolen

Cybersecurity researchers have discovered over 16 billion stolen login credentials that are being sold online. Experts warn that if this trove is not dealt with, it could lead to widespread identity theft, account takeovers, and targeted phishing attacks. The breach is not just a leak, but a blueprint for mass exploitation, as reported by WION.

The data was extracted by infostealer malware and is new and highly structured, not remnants of old breaches. According to a Forbes report, researchers involved in an investigation that began early this year believe that several infostealers were responsible for the massive password leak.

In this technologically advanced world, a compromised password compromises nearly everything. Google is advising billions of users to replace their passwords with more secure passkeys, and the FBI is cautioning people against clicking on links in SMS messages.

How Did This Password Leak Happen?

According to Vilius Petkauskas at Cybernews, 30 exposed datasets have been found, each containing tens of millions to over 3.5 billion records, bringing the total number of compromised records to 16 billion. These credentials are prime material for phishing and account takeover attempts and represent new, weaponizable intelligence at scale.

The majority of the information was organized as a URL, followed by a login and a password, providing access to almost any online service, including those offered by Apple, Facebook, Google, GitHub, and Telegram, as well as government agencies.

What Can You Do to Stay Safe?

It is crucial to invest in password management software and dark web monitoring tools. Individuals should select robust, unique passwords, utilize multi-factor authentication whenever possible, and remain vigilant and aware of any attempts to steal login credentials. Experts caution that now is the time to take the threat and its enormous risks seriously and advise using a password manager and switching to passkeys wherever feasible.

Where Did the Leaked Credentials Come From?

Credential stuffing lists, repackaged breaches, and infostealer logs seem to be the source of the compromised credentials. Infostealer malware silently collects user credentials from compromised computers and uploads them to servers or databases under the control of malicious actors, where they are sometimes left unprotected by accident.

FAQs

  • How Does This Breach Differ from Previous Leaks?: The majority of the 16 billion exposed credentials are new and previously unreported, which makes the affected accounts particularly vulnerable to phishing, fraud, and account hijacking.
  • What Should I Do If I Believe I Have Been Affected?: Change your passwords right away, use a password manager, and enable multi-factor authentication. Consider switching to passkeys and using dark web monitoring tools to receive alerts.

Published On Jun 20, 2025 at 09:24 AM IST
