16 Billion Passwords Exposed in One of the Largest Data Breaches Ever 

_{Photo credit: Pungu x / Shutterstock.com}

On 18 June 2025, Cybernews announced its researchers had found 30 exposed datasets, with up to 3.5 billion records in each, totalling 16 billion login credentials in what it calls “the largest data breach in history.”

It clarified, however, that there may be some overlap in the records, which were most likely compiled using infostealer malware designed to avoid detection. 

In addition to infostealer logs containing tokens, cookies, and metadata, the leaked datasets list URLs, followed by individual login details and passwords, for most online services, including Apple, Google, Facebook, GitHub, Telegram, VPNs, and government portals. 

Cybernews researchers claim new datasets have emerged every few weeks, signaling the prevalence of infostealer malware, saying:

This is not just a leak—it’s a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing.

It is unclear who is behind the exposed datasets, but it is likely to be linked to cybercriminals and could be exploited in phishing attacks, account takeovers, and identity theft.

The size of the breach means it is hard to tell how many accounts are under threat, but the public is advised to use secure login methods for all online services, such as strong password managers and multi-factor authentication.

As cybercriminals evolve their tactics and malware becomes more able to evade detection, up-to-date security practices are essential for mitigating exposure to fraud.