Cybersecurity researchers have uncovered one of the most significant data breaches in history—an eye-popping 16 billion exposed login credentials. The breach spans nearly every major online platform imaginable, from social media accounts and email logins to developer portals and government services. Think Facebook, Google, and Apple.
Credentials found on 30 separate databases in ‘dangerously usable’ resource for threat actors
The source is a fun, tangled mess of stealer malware logs, repackaged leaks, and credential stuffing datasets. What’s scary is that this isn’t just a dump of old, recycled data—researchers say a lot of it is recent, well-organized, and dangerously usable.
“This is not just a leak – it’s a blueprint for mass exploitation,” said researchers at Cybernews, who have been tracking this trend since the start of the year. “With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing. What’s especially concerning is the structure and recency of these datasets – these aren’t just old breaches being recycled. This is fresh, weaponizable intelligence at scale.”
The credentials appeared across 30 separate datasets, each containing anywhere from tens of millions to over 3.5 billion records. Most of the datasets were briefly out in the open, left unsecured in places like Elasticsearch or cloud storage buckets. Researchers were able to spot them, but they disappeared before anyone could figure out who was behind it.
What’s in the leak?
Mostly what you’d expect: URLs, usernames, and passwords, but in many cases, the records go further, including tokens, cookies, and other metadata, making them a goldmine for cybercriminals. This could lead to account takeovers, identity theft, phishing campaigns, and business email compromise.
While some overlap exists between the datasets, there’s no reliable way to tell how many unique users are affected. But when you’re looking at 16 billion records, that detail might be beside the point. The scale alone is staggering.
How to protect yourself from infostealers
Infostealers, the most imaginative name that could have possibly been chosen, are nasty pieces of malware. But, there are a few smart steps you can take to reduce your risk:
- Run a reliable anti-malware program and ensure it remains up to date. It should be able to spot and block infostealers before they can do damage.
- Don’t reuse passwords. If one gets stolen, you don’t want it to unlock everything else. A password manager can help you create strong, unique passwords—and remember them so you don’t have to.
- Turn on two-factor authentication (2FA) wherever possible. It adds an extra layer of security, even if someone were to obtain your login details. The most secure option? Use a FIDO2 hardware key (or even your phone or laptop) as your second factor. Unlike text codes or email links, FIDO2-based 2FA can’t be phished.
This story is still unfolding. For now, one thing’s clear: credential hygiene and multi-factor authentication aren’t just best practices, they are vital defenses against a growing wave of credential-fueled attacks.
Unified cybersecurity leader WatchGuard recently unveiled its latest Internet Security Report, which revealed a 94 percent increase in network-based malware detections, indicating a rise in threats. Read our coverage of the results to find out more.