World’s Biggest Password Leak! 16 billion credentials exposed protect your accounts now before hackers get in. Find out what to do. 16 billion passwords exposed in record-breaking data breach. Breach has exposed over 16 billion usernames and passwords. These stolen details belong to people using big platforms like Apple, Google, Facebook, Telegram, GitHub, and even government websites.
This is one of the biggest data leaks in history. The stolen data is new, not from old leaks. That makes it even more dangerous.
Hackers can now steal accounts easily. They can send fake messages, trick people, or break into your personal accounts. Many people use the same password for different sites. This makes the problem worse.
16 billion passwords exposed in record-breaking data breach
16 billion credentials were exposed in one of the largest data breaches ever.
The data is fresh and not recycled from old attacks.
It enables easy phishing and account takeover attacks.
Most people reuse passwords making this more dangerous.
Users must change passwords, start using password managers, enable 2FA, and switch to passkeys.
What happened?
- Cybersecurity researchers from Cybernews found the breach.
- It is not one leak. It is a mix of 30 separate datasets.
- Some datasets hold up to 3.5 billion records each.
These datasets appeared online in early 2025. The data is fresh not from old leaks.
Why it is dangerous
- The breach is a “blueprint for mass exploitation.” Hackers can use the data easily.
- It enables credential stuffing. This is when attackers use known usernames and passwords to log into other sites.
- One survey showed 81% of users reuse passwords.
- Successful attacks occur up to 2% of the time so 1 million stolen records can breach 20,000 accounts.
- This makes phishing, identity theft, and account takeovers easier.
Who is affected?
People affected include users of:
- Apple, Google, Facebook, Instagram
- Telegram, GitHub
- Government services
Some experts say the scale doubles the world’s population because many people have multiple accounts apnews.com.
How it was stolen
- The data likely came from infostealer malware.
- These are tools that steal credentials from infected devices techrepublic.com+15news.com.au+15apnews.com+15.
- There’s no sign the services themselves were hacked. Instead, attackers stole login info from users and compiled it apnews.com.
Scope at a glance
| Metric | Details |
|---|---|
| Number of records | 16 billion credentials |
| Number of datasets | 30 separate collections |
| Max per dataset | ~3.5 billion records |
| Platforms affected | Apple, Google, Facebook, others |
| Type of info stolen | URL, username, password |
| Data freshness | Early 2025 (not reused from old leaks) |
Why this is unique
- It is called one of the largest breaches ever
- It happened after another leak of 184 million passwords also via infostealers.
- A separate analysis found 19 billion passwords leaked between April 2024 and 2025—94% reused, weak, or predictable.
- Patchy protection, user reuse of passwords, and malware all helped the breach grow.
What to do now
Experts urge everyone to take these steps:
- Change passwords on important accounts.
- Use password managers for strong and unique passwords
- Enable multi-factor authentication (2FA) or passkeys
- Switch to passkeys—these use your phone or fingerprint and resist phishing.
- Watch for phishing messages or suspicious links.
- Use dark web alerts to see if your info is being sold.
Why passkeys?
- Passkeys don’t need typed passwords.
- They use things like your phone’s lock or face to log in.
- They stop phishing. You can’t be tricked into typing it on a fake site indiatimes.com.
What companies say
- Google urges users to turn on passkeys for Gmail and YouTube indiatimes.com.
- Facebook, Apple also recommend passkeys, 2FA, and password managers apnews.com.
- Security companies call it a call for stronger cyber hygiene
Read: Amazon Employees Relocation Deadline: gives staff 30-day ultimatum
