In 2025, a historic cyberattack saw 16 billion passwords leaked, compromising accounts across major platforms like Apple, Google, and Facebook.
This massive leak, discovered by the Cybernews team, affects virtually every major online platform, including Apple, Google, Facebook, GitHub, Telegram, and even government services.
The breach, driven by infostealer malware, has raised global alarms due to its scale and the fresh, actionable nature of the stolen data.
This isn’t just another recycled leak—it’s a cybercriminal’s dream, enabling phishing attacks, identity theft, and account takeovers on an unprecedented scale.
This article dives into the details of the 16 billion password leak, its implications, and actionable steps to safeguard your digital life.
Let’s explore what happened, why it matters, and how you can stay safe.
What Happened: Passwords Leaked and Data Breach
Cybernews researchers, led by Vilius Petkauskas, have been tracking exposed datasets since early 2025.
Their findings revealed 30 separate datasets, each containing tens of millions to over 3.5 billion records, totaling 16 billion compromised login credentials.
These datasets, briefly exposed through unsecured Elasticsearch and object storage instances, were accessible long enough for researchers to uncover but not to identify their owners.
Unlike previous leaks, such as the RockYou2024 (10 billion passwords) or the Mother of All Breaches (MOAB) (26 billion records), this breach contains fresh, structured data collected by infostealer malware.
The data includes URLs, usernames, passwords, cookies, session tokens, and metadata, making it highly exploitable for cybercriminals.
Only one dataset, containing 184 million records, had been previously reported by Wired, leaving the vast majority of this breach unreported until now.
The sheer volume—equivalent to roughly two compromised accounts per person on Earth—underscores the urgency of this issue.
While some records may overlap, the recency and organization of the data make it a “blueprint for mass exploitation,” according to researchers.
How the Data Was Stolen: The Role of Infostealer Malware
The primary culprit behind this breach is infostealer malware, a type of malicious software designed to silently extract sensitive information from infected devices.
Unlike traditional hacking methods that rely on brute force, infostealers exploit user errors, such as downloading pirated software, infected PDFs, game mods, or other malicious files.
Once installed, they collect:
- Login credentials (usernames, passwords)
- Session cookies and tokens, which can bypass two-factor authentication (2FA)
- Browsing history, autofill data, and stored documents
This malware targets a wide range of platforms, from social media (Facebook, Instagram, Telegram) to cloud services (Google, Apple), VPNs, developer tools (GitHub), and even government portals.
The structured format of the stolen data—URL, username, password—makes it particularly dangerous, as it’s ready for immediate use in cyberattacks.
Cybernews researcher Aras Nazarovas notes a shift in cybercriminal tactics: “The increased number of exposed infostealer datasets in centralized databases may signal that criminals are moving away from platforms like Telegram, previously a go-to for stolen data.”
This trend highlights the growing sophistication of cybercrime.
Which Platforms Are Affected?
The breach spans virtually every major online service, including:
- Social Media: Facebook, Instagram, Telegram, Snapchat
- Tech Giants: Google, Apple, Microsoft
- Developer Platforms: GitHub
- Messaging and VPN Services: Telegram, various VPN providers
- Government Portals: Official services worldwide
- Financial and Corporate Systems: Banking, business platforms
While some reports suggest that Apple, Google, and Facebook credentials were directly leaked, Cybernews contributor Bob Diachenko clarifies: “There was no centralized breach at these companies.
The credentials include login URLs to their services, collected via infostealers.”
This distinction is critical—your accounts may still be at risk, even if the companies themselves weren’t hacked.
With 16 billion records, the breach’s scope is staggering.
One dataset, potentially tied to Portuguese-speaking users, contained 3.5 billion records, while another linked to Telegram had 60 million.
The diversity of affected services makes it likely that most internet users have at least one compromised account.
Why This Breach Matters: A Blueprint for Cybercrime
Cybersecurity experts describe this leak as a “blueprint for mass exploitation” due to its scale and the actionable nature of the data.
Here’s why it’s so dangerous:
- Phishing Campaigns: Cybercriminals can use stolen credentials to craft highly targeted phishing emails, tricking users into revealing more sensitive information.
- Account Takeovers: With usernames, passwords, and session tokens, attackers can access accounts without triggering security alerts, especially if 2FA is not enabled.
- Identity Theft: Exposed credentials can lead to stolen identities, affecting financial accounts, credit scores, and personal privacy.
- Ransomware and BEC Attacks: Businesses are at risk of business email compromise (BEC) and ransomware, as attackers exploit weak credentials to infiltrate corporate systems.
- Crypto Wallet Risks: The leak threatens cryptocurrency users, as stolen credentials could allow attackers to access custodial wallets or cloud-stored seed phrases.
The inclusion of cookies and session tokens is particularly alarming, as these can bypass 2FA in some cases, rendering traditional security measures less effective.
How to Protect Yourself: Actionable Steps
Given the scale of this breach, immediate action is essential.
Here are practical steps to secure your accounts:
- Change Your Passwords:
  - Update passwords for all critical accounts (email, banking, social media, etc.).
  - Use strong, unique passwords (at least 12 characters, mixing letters, numbers, and symbols).
  - Avoid reusing passwords across platforms, as 94% of passwords in a recent Cybernews study were recycled.
- Enable Multi-Factor Authentication (MFA):
  - Activate 2FA wherever possible, preferably using authenticator apps or hardware keys rather than SMS, which is less secure.
  - Note: Some stolen cookies may bypass 2FA, so monitor accounts closely.
- Use a Password Manager:
  - Tools like Dashlane, Proton Pass, or Keeper Security generate and store complex passwords, reducing the risk of reuse.
  - Password managers also alert you to compromised credentials.
- Check for Compromised Credentials:
  - Use services like Have I Been Pwned (HIBP) to check if your email or passwords have been leaked.
  - Google’s Password Checkup tool can also identify compromised passwords for Google accounts.
- Monitor Accounts for Suspicious Activity:
  - Regularly review login alerts and account activity.
  - Contact customer support if you notice unauthorized access.
- Switch to Passkeys:
  - Companies like Google, Apple, and Facebook are adopting passkeys, which use biometric authentication (e.g., fingerprint or face recognition) instead of passwords. Passkeys are more resistant to phishing and leaks.
  - Check guides for enabling passkeys on Google, Apple, or Facebook.
- Scan for Malware:
  - Run antivirus software to detect and remove infostealer malware.
  - Avoid downloading files from untrusted sources, such as pirated software or suspicious links.
- Use Dark Web Monitoring:
  - Services like Dashlane or Keeper Security offer dark web monitoring to alert you if your credentials appear in leaks.
- Delete Unused Accounts:
  - Deactivate old or unused accounts to reduce your digital footprint.
- Update Software:
  - Keep your operating system, browsers, and apps updated to patch vulnerabilities exploited by infostealers.
The Bigger Picture: A Wake-Up Call for Cybersecurity
This breach highlights systemic issues in cybersecurity:
- Password Reuse Epidemic: A Cybernews study found that 94% of passwords are reused, with common choices like “123456,” “admin,” or names like “Ana” dominating.
- Weak Authentication Practices: Many users rely on short (8–10 characters) or simple passwords, making them vulnerable to brute-force attacks.
- Unsecured Data Storage: The datasets were found in unsecured Elasticsearch and object storage instances, underscoring the need for better data protection by companies.
- Infostealer Prevalence: The rise of infostealer malware shows how easily users can be compromised through everyday activities like downloading files.
Experts urge companies to adopt stronger security measures, such as mandatory 2FA, encryption, and regular audits.
The Future: Moving Beyond Passwords
The 16 billion password leak underscores the fragility of password-based systems.
Industry leaders are pushing for passkeys, which replace passwords with biometric or device-based authentication.
Companies like Google, Apple, and Facebook are already implementing passkeys, with Dashlane being an early adopter.
Passkeys offer several advantages:
- Phishing Resistance: They’re tied to specific devices, making stolen credentials useless without physical access.
- Ease of Use: Biometric authentication (e.g., Face ID) is faster and more user-friendly.
- Scalability: Passkeys work across platforms, from social media to banking.
What’s Next: The Ongoing Threat of Data Breaches
The 16 billion credential leak is not an isolated incident.
Cybernews reports that new datasets emerge every few weeks, driven by the growing use of infostealer malware.
Previous breaches, like the RockYou2024 (10 billion passwords) and MOAB (26 billion records), show that data leaks are becoming more frequent and severe.
The cryptocurrency sector faces unique risks, as stolen credentials could lead to wallet takeovers or social engineering attacks.
Exchanges may require users to reset passwords or implement stricter security measures.
For individuals, this breach is a reminder to prioritize cyber hygiene.
For organizations, it’s a call to invest in robust security frameworks, including zero-trust models and advanced encryption.
Take Control of Your Digital Security
The 16 billion password leak of 2025 is a stark reminder of our digital vulnerabilities.
With Apple, Google, Facebook, and countless other services at risk, no one is immune.
By changing passwords, enabling 2FA, using password managers, and adopting passkeys, you can significantly reduce your exposure.
Services like Have I Been Pwned and Google Password Checkup are valuable tools to stay informed.
Don’t wait for the next breach—act now to secure your accounts.
Stay updated with CTC News.
