In what is being described by cybersecurity experts as the largest breach of its kind to date, nearly 16 billion login credentials have been leaked online, compromising user accounts across major global tech platforms including Apple, Facebook, Google, GitHub, Telegram, and various government services.
The breach, uncovered by researchers at Cybernews, was first reported earlier this year but has now been confirmed to include an enormous collection of previously unseen datasets.
According to Vilius Petkauskas, the lead researcher on the investigation, at least 30 separate datasets were discovered — each containing tens of millions to over 3.5 billion records — bringing the total to an unprecedented 16 billion compromised credentials.
“This is not just a leak — it’s a blueprint for mass exploitation,” the researchers warned, adding that this latest trove is comprised largely of “fresh, weaponisable intelligence at scale” rather than previously recycled breaches.
The credentials are said to include email addresses, usernames, and passwords, structured in formats that could be readily used by cybercriminals for phishing attacks, identity theft, and large-scale account takeovers. Alarmingly, many of the records were tied to active accounts on social media, VPN services, developer platforms, and official government portals.
Industry-wide concern
In a statement responding to the breach, Keeper Security, a leading password management firm, said the leak “underscores the urgent need for consumers and organisations to adopt stronger authentication methods.”
“This level of data exposure presents a very real threat to global cybersecurity. It gives malicious actors a direct route into people’s digital lives,” the company’s founders told the press.
The FBI has previously issued warnings urging users not to click on suspicious SMS links and to transition to more secure authentication protocols such as passkeys — a sentiment echoed by Google in recent months as it pushes users away from password reliance.
A breach of historic scale
The leak dwarfs previous data breaches, including the 184 million password database reported just weeks earlier. Experts believe the credentials were collected via a coordinated campaign involving multiple infostealers — malicious software tools designed to extract user credentials from infected devices.
“These aren’t just remnants from older leaks. The scale and freshness of the data confirm that this breach could enable widespread account compromises if action is not taken swiftly,” the researchers said.
The dataset was reportedly structured in a standardised format, listing the source URL followed by the associated username and password, making the data extremely usable for automated attacks.
What users can do
Cybersecurity experts have advised users to immediately:
-
Change passwords for all online accounts, particularly if the same password has been used across platforms.
-
Enable two-factor authentication (2FA) wherever possible.
-
Use password managers to create and store complex, unique passwords.
-
Monitor online accounts for suspicious activity, including unexpected login attempts or password reset notifications.
Individuals and organisations are also urged to check whether their credentials have been exposed using reputable online tools such as Have I Been Pwned or Cybernews’ Leaked Credential Checker.
As the digital landscape becomes increasingly vulnerable to sophisticated cyber threats, experts stress the importance of collective awareness and proactive measures.
“This isn’t just about privacy — it’s about safeguarding entire digital ecosystems,” Petkauskas concluded. “The threat is real, the data is live, and the time to act is now.”
