16 Billion Login Credentials Exposed in Massive Leak—Change Your Passwords Now

Cybernews researchers uncovered what appears to be the largest credential leak in history—16 billion usernames and passwords collected from 30 separate datasets, each containing millions to over 3.5 billion records. This isn't old, recycled data—it’s largely fresh and weaponizable, according to the team.

The data was harvested via infostealer malware—malicious software that scans infected devices and grabs saved login credentials from browsers, apps, even crypto wallets. These stolen credentials are typically packaged in simple text logs with the format.

Exposed datasets include credentials for a wide range of services—Apple, Google, Facebook, Telegram, GitHub, government portals, and more. Researchers warn this volume is a “blueprint for mass exploitation”, fueling phishing, account takeovers, and identity theft.

Not exactly. The leak is a compilation of multiple infostealer logs and credential-stuffing dumps discovered since early 2025—not a single breach incident. Still, the sheer size and freshness of the data make it a critical threat.

Security experts and major platforms are urging immediate action:

• Change all passwords—especially ones reused across multiple accounts.
• Use strong, unique passwords via a trusted password manager.
• Enable two-factor authentication (2FA)—ideally app-based or hardware key methods.
• Scan devices for malware, especially infostealers—ensure antivirus or endpoint protection is current .
• Monitor account activity for suspicious logins or notifications from the likes of Google, Facebook, or your bank.

This isn’t just another data breach—it’s an aggregation of freshly stolen credentials at an unprecedented scale. While infostealer malware continues quietly harvesting login data, this release serves as a wake-up call. With billions of credentials out there, now is the time to lock down your digital life by upgrading passwords, enabling MFA, and running security tools.