Cybersecurity crisis: 16 billion passwords leaked online

The largest confidential data leak in the history of information security has occurred. According to preliminary reports, a total of 16 billion sets of account credentials — logins and passwords — have been leaked online. This was reported by researchers at "Cybernews".

The massive breach reportedly affects users of several major services, including:

•  Apple
•  Facebook
• Google
• Telegram
•  GitHub
• Various government and business service websites

According to experts, the leaked data was collected using malware known as "infostealers"— malicious programs that covertly extract logins, browser cookies, and other personal information from infected devices.

In total, 30 databases were discovered online, each containing tens of millions of records, with some holding up to 3.5 billion unique entries. Each record typically includes a URL, login, and password, and in many cases, additional information such as authorization tokens and metadata.

“This is not just a data leak — it is a full manual for launching cyberattacks,” warned Cybernews researchers. “Attackers can use this information for account hacking, identity theft, phishing campaigns, and other malicious activities.”

Some of the leaked databases were publicly available for a while on unsecured cloud storage platforms. It remains unclear who compiled and controls them, though several are believed to have been collected by cybercriminal networks.

What Is the Risk to Everyday Users?

Even if some of the credentials are duplicates, the risk is severe. The leaked data could enable:

• Automated credential stuffing (hacking into accounts using leaked passwords)
• Phishing attacks
• Unauthorized access to email, VPNs, social media, and work accounts
• The spread of malicious links
•  Corporate cyberattacks and breaches

Recommendations from Experts to protect themselves, "Cybernews" recommends that users:

• Use a unique and complex password for every account
•  Enable two-factor authentication wherever possible
• Scan their devices for infostealer malware
•  Avoid logging into suspicious websites or clicking unknown links

It should be recalled that earlier this year, personal data belonging to more than 16 million citizens of Kazakhstan was leaked online — a breach informally dubbed “Kazakhstan Population 2024.”