Looks like this is turning out to be a year of unimaginable events – with new records due to shocking news happenings being created. In one of the largest data breaches recorded in history till date, cybersecurity researchers have confirmed the leak of 16 billion login credentials, including passwords.
This apparent largest data breach of the century, involves an incredulous 16 billion login credentials getting leaked – including passwords, VPN login and social-media related sensitive information. As part of an ongoing investigation that started at the beginning of the year, the researchers have concluded that the massive password leak is the work of multiple info-stealers working together.
The information leak now opens the door to any online service imaginable – from Apple, Facebook, and Google, to GitHub, Telegram, and various government services. The development comes in the backdrop of multiple reports highlighting the presence of a ‘mysterious database’ which contains around a staggering 184 million records – lying unprotected on a web server. The latest research suggests that this dataset may just be the tip of the iceberg. These cyber researchers have uncovered 30 datasets since the start of 2025, with each of them containing up to 3.5 billion records.
This unfathomable piece of information has sent major tremors in the technological and cyber-security domain. Tech giants such as Google, Facebook, Apple and others can face severe restructuring and major alignment shifts in order to protect any such untoward incident being a recurrence in the future. This mammoth leak of 16 billion passwords is not just a mere activity – but a blueprint for mass exploitation. This is almost synonymous with weaponizable and destructive intelligence being utilized. Credential leaks at this scale can be very well be undertaken for phishing campaigns, account takeovers and business email compromise (BEC) attacks.
As per the information available cyber news researchers, majority of the data cannot be comprehended to determine as to how many people’s or accounts were actually exposed. Several collections of login credentials reveal this discovery to be one of the largest data breaches in history, adding up to a humongous 16 billion exposed login credentials. Such data breaches are of the reasons why Google has been advising its users to upgrade their Gmail account’s security by moving on from older sign-in methods like passwords and two-factor authentication (2FA). The tech giant is pushing for users to upgrade accounts to passkeys as well as social sign-ins for better control over their accounts.
Tips to Keep Your Accounts Safe
- Set two-factor/multi-factor authentication or biometric sign in options on as many as accounts/devices as possible
- Create strong and unique passwords for different platforms and apps – in order to avoid all the accounts getting hacked due to the same password.
- Use latest software updates and automation features that auto-secure your account and protect from such scams.
- Google recommends using passkeys as ‘phishing resistant’ tool which can help users log in through fingerprint recognition, facial scan, or the pattern lock – similar to a smartphone set up.
- Use only secure URLs (Universal Resource Locators).
Helene Elliott is the senior reporter for News Raise. She covers Science news. She also has a keen interest in photojournalism. Helene holds a nomination for the prestigious Red Smith Award. She is married to author Dennis D’Agostino, a former publicist with the New York Mets.
