16 million passwords leaked: In what's being described as the largest data breach in history, a staggering 16 billion passwords have been exposed, affecting users of major platforms like Facebook, Instagram, Google, Apple, Telegram, and more.
Cybersecurity experts warn this unprecedented leak, compiled from malware, credential stuffing, and past breaches, offers fresh, weaponisable data that could fuel phishing, account takeovers, and identity theft across the web.
With credentials exposed from 30 distinct databases, the scale and recency of this breach are deeply alarming. Experts are urging everyone, from casual social media users to privacy-conscious consumers, to take immediate action.
Read on to learn what this massive leak means for your online accounts and how you can protect yourself in this digital emergency.
Security researchers have discovered an enormous data breach containing 16 billion login credentials across 30 databases. This might have an impact on users of numerous sites, including Facebook, Instagram, Gmail, Apple, and many more.
CyberNews analysts discovered what may be the biggest credential leak in history during an inquiry that has been underway since January 2025. The size of the publicly available datasets varies greatly, ranging from enormous databases with over 3.5 billion credentials each to smaller collections with tens of millions of items.
Although analysts were unable to identify the owners, the enormous collection of stolen data remained momentarily available through unprotected databases before being taken down.
Most alarming is that almost all of the files were previously unknown: just one database, with 184 million records, was previously made public by Wired magazine in May.
The research team claims that the compromised credentials create a "blueprint for mass exploitation" spanning almost all of the major internet services. In addition to government portals, the files include login credentials for email services like Gmail, developer platforms like GitHub, messaging apps like Telegram, VPN services, and social media behemoths like Facebook and Instagram.
Usually, each record has the same format: username, password, and website URL. This structure is consistent with the way infostealer malware, malicious software created to extract private data from compromised devices, collects its data.
"A one-time password sent by SMS is the main way to log in to Telegram. Therefore, compared to other platforms where the password is always the same, this is much less relevant for Telegram users," the company told TOI in a statement.
Researchers stress that, in contrast to repurposed data from previous hacks, this is "fresh, weaponizable intelligence at scale." Through account takeovers, identity theft, and highly targeted phishing attacks, the credentials give fraudsters unprecedented access that may destroy both individuals and organizations.
Researchers at CyberNews caution that fresh large datasets appear every few weeks, underscoring the widespread presence of infostealer malware in the current digital environment. This data is hazardous for organizations without multi-factor authentication because it includes current logs with tokens, cookies, and metadata.
Given that there are over 5.5 billion internet users worldwide, the hack may impact several accounts per individual. Security professionals advise changing all online accounts' passwords right away, turning on multi-factor authentication wherever it is practical, and creating strong, one-of-a-kind passwords with password managers.
Additionally, users are encouraged to keep a close eye on their accounts and think about using tools like "Have I Been Pwned" to see if their login credentials have been hijacked. Aside from this, it's always preferable to use the most recent software versions, turn on automatic updates, visit only safe, reliable websites (ideally over HTTPS), and avoid clicking on links in unsolicited emails.
You may quickly determine whether your login credentials have been compromised in a number of ways. You can check using the methods listed below:
Have I Been Pwned: Enter your email address to check whether it has appeared in any known data breaches.
Google Password Checkup: This feature, which is integrated into Chrome and your Google account, identifies compromised passwords and recommends changes.
F-Secure Identity Theft Checker: This tool provides a risk assessment based on leaked information and signs of identity theft.
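For readers who want to see how a breached-password lookup can work without ever sending the password itself, here is an added example (not from the original article or from any of the tools listed above). It sketches the k-anonymity scheme used by the Pwned Passwords range endpoint of Have I Been Pwned: only the first five characters of the password's SHA-1 hash leave the machine. The `offline_fetch` function and the `CONSTRUCTED_LEAK` data are constructed stand-ins for the network call so the code runs offline.

```python
import hashlib

# Real endpoint of the Pwned Passwords range API; not called in this offline example.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

# Constructed sample data standing in for a breach corpus (password -> times seen).
CONSTRUCTED_LEAK = {"password123": 4210, "qwerty2025": 77}


def sha1_parts(password: str) -> tuple:
    """Split the uppercase SHA-1 hex digest into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines; malformed lines are skipped rather than trusted."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35:
            continue
        try:
            counts[suffix.upper()] = int(count)
        except ValueError:
            continue
    return counts


def offline_fetch(prefix: str) -> str:
    """Hypothetical stand-in for an HTTP GET of RANGE_URL, built from constructed data."""
    lines = ["0" * 35 + ":1"]  # decoy entry: other hashes share the same prefix
    for password, seen in CONSTRUCTED_LEAK.items():
        p, s = sha1_parts(password)
        if p == prefix:
            lines.append(f"{s}:{seen}")
    return "\r\n".join(lines)


def breach_count(password: str, fetch_range=offline_fetch) -> int:
    """Return how often the password appears; only the 5-char prefix is 'sent'."""
    prefix, suffix = sha1_parts(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for candidate in ("password123", "a-long-unique-passphrase-7431"):
        print(candidate, "seen", breach_count(candidate), "times")
```

The suffix comparison happens locally, so the lookup service learns only a hash prefix shared by many unrelated passwords.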
If your data was compromised in the internet leak, you can take the following corrective action:
For the latest and more interesting tech news, keep reading Indiatimes Tech.