Researchers recently uncovered the largest data breach to date, exposing 16 billion passwords and login credentials from popular online platforms. The breach, investigated by Cybernews since early 2025, comprises 30 data dumps.
Researchers recently made public the largest data breach to date, in which 16 billion passwords, login credentials, and other private information from well-known online sites were compromised.
Since early 2025, a group of cybersecurity experts at Cybernews, under the direction of Vilius Petkauskas, has been looking into this breach. They discovered a huge collection of stolen data that may impact almost all of the main internet services, according to Forbes.
How did this password leak happen?
The investigation team found 30 separate data dumps, each containing anywhere from tens of millions to over 3.5 billion records. In total, Petkauskas has confirmed, the number of compromised records has now hit 16 billion.
These credentials are a prime resource for phishing and account takeover attempts, and they represent new, weaponizable intelligence at scale rather than merely recycled breaches. Most of the information was organized as a URL, followed by a login and a password, which is the standard signature of contemporary infostealer activity. Its contents provide access to almost any online service one could want, including those offered by Apple, Facebook, Google, GitHub, and Telegram, as well as government services.
Numerous infostealer malware attacks, which use malicious software to covertly gather usernames, passwords, and other private information from compromised systems, appear to be the source of the leaked data.
The data spans from early 2025 to the present day. Experts claim this isn’t just an ordinary leak; it represents a massive data breach, featuring both new credentials and recycled information from previous breaches.
According to reports, the compromised data includes login credentials for development tools, social media accounts, VPNs, and well-known internet services including Apple, Google, Facebook, GitHub, Telegram, and even government websites.
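The record layout described above (a URL, followed by a login and a password) is what a defender has to parse when checking whether accounts on their own domains appear in such a dataset. The following is an added example, not code from Cybernews or the article; the colon separator, the `example.com` scope and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: one record per line, fields joined by ":" (the article gives only
# the field order: URL, then login, then password).
RECORD = re.compile(
    r"^(?P<url>[a-z][a-z0-9+.-]*://[^:\s]*(?::\d+(?=[/:]))?[^:\s]*)"
    r":(?P<login>[^:\s]+):(?P<password>.+)$",
    re.IGNORECASE,
)

SAMPLE_LINES = [  # constructed records, not taken from any real dump
    "https://sso.example.com/login:alice@example.com:Winter2025!",
    "https://vpn.example.com:8443/portal:bob:pa:ss",  # port, ':' in password
    "https://example.com.unrelated.test/signin:carol:hunter2",  # look-alike host
    "https://notexample.com/:dave:letmein",  # suffix look-alike
    "https://sso.example.com/login:alice@example.com:Winter2025!",  # recycled
    "garbage line without fields",
]

def parse_record(line):
    """Return (host, login, password), or None if the line is not a record."""
    m = RECORD.match(line.strip())
    if not m:
        return None
    try:
        host = urlsplit(m["url"]).hostname  # lowercased, port removed
    except ValueError:
        return None
    return (host, m["login"], m["password"]) if host else None

def in_scope(host, domains):
    """True only for a monitored domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(lines, domains):
    """Return (sorted unique (host, login) pairs in scope, unparsable count)."""
    exposed, skipped = set(), 0
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            skipped += 1
        elif in_scope(rec[0], domains):
            exposed.add(rec[:2])  # password is dropped, never stored or printed
    return sorted(exposed), skipped

if __name__ == "__main__":
    accounts, skipped = triage(SAMPLE_LINES, {"example.com"})
    for host, login in accounts:
        print(f"reset and review sessions: {login} @ {host}")
    print(f"{skipped} line(s) skipped")
```

Matching on the parsed hostname rather than on a substring of the line keeps look-alike hosts out of the results, and the recycled record is reported once.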
Google's advice to users
Google has advised users to reset their passwords and use two-factor authentication (2FA) in the wake of this significant data theft. To strengthen the security of their social media accounts, users are also urged to upgrade their accounts using the Passkey feature. Google stressed that the Passkey feature is intended to prevent phishing attempts, because logging in requires biometric verification, which can only be accomplished by the user's fingerprint, face recognition, or pattern lock.