16 billion login credentials, including passwords, have been exposed.
- Cybersecurity researchers confirmed a leak of 16 billion login credentials including passwords
- The leaked data covers services like Apple, Facebook, Google, GitHub, Telegram, and government sites
- Researchers found 30 datasets since 2025, each containing up to 3.5 billion records
In one of the largest data breaches in history, cybersecurity researchers have confirmed the leak of 16 billion login credentials, including passwords. The information leak can open the door to "pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services", according to a report in Forbes.
The development comes in the backdrop of multiple reports highlighting the presence of a "mysterious database" containing 184 million records -- sitting unprotected on a web server. The latest research suggests that it may have been just the tip of the iceberg.
As per the outlet, the researchers have uncovered 30 datasets, with each of them containing up to 3.5 billion records. The information, which includes social media and VPN logins as well as corporate and developer platforms, is contained in datasets that have been found since the start of 2025.
"This is not just a leak - it's a blueprint for mass exploitation. These aren't just old breaches being recycled. This is fresh, weaponisable intelligence at scale," said the researchers.
Researchers suggest that credential leaks at this scale can be exploited for phishing campaigns, account takeovers and business email compromise (BEC) attacks.
"The fact that the credentials in question are of high value for widely used services carries with it far-reaching implications," said Darren Guccione, the CEO and co-founder of Keeper Security.
Also Read | Indian Scientists Establish Secure Quantum Communication In Breakthrough Achievement
Dump passwords: Google
Such data breaches are of the reasons why Google has been advising its users to upgrade their Gmail account's security by moving on from older sign-in methods like passwords and two-factor authentication (2FA). The tech giant is pushing for users to upgrade accounts to passkeys as well as social sign-ins for better control over their accounts.
"It's important to use tools that automatically secure your account and protect you from scams," the California-based company said.
Passkeys is a login system that replaces passwords with biometric authentication via a trusted device like a smartphone. Google views passkeys as "phishing resistant", which can help users log in simply with the method they use to unlock their devices, which can include fingerprint recognition, facial scan, or the pattern lock.
Track Latest News Live on NDTV.com and get news updates from India and around the world
