16 Billion User Passwords From Apple Facebook Google and Others Exposed
A staggering 16 billion login credentials, usernames, and passwords have been exposed in what cybersecurity experts are calling the largest data breach in internet history.
The leak, which impacts major platforms including Apple, Facebook, Google, Instagram, Telegram, GitHub, and even government services, has put billions of online accounts at unprecedented risk of account takeover, identity theft, and targeted phishing attacks.
Unprecedented Scale and Scope
The investigation revealed 30 separate datasets, each containing anywhere from tens of millions to over 3.5 billion records, collectively totaling an unimaginable 16 billion compromised credentials.

Unlike previous leaks, these datasets are not recycled from old breaches; they represent fresh, highly structured data, much of it collected by infostealer malware, malicious software designed to steal sensitive information from infected devices.
“This is not just a leak – it’s a blueprint for mass exploitation,” a researcher warned.
“With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing. What’s especially concerning is the structure and recency of these datasets—these aren’t just old breaches being recycled. This is fresh, weaponizable intelligence at scale,” Cybernews said.
The exposed datasets were briefly accessible online through unsecured databases, such as Elasticsearch and object storage instances, before being locked down.
Most of the data was organized by URL, followed by login details and passwords, exactly the format harvested by modern infostealers.
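For defenders checking whether their own accounts appear in data of this shape, the sketch below parses the URL, login, password layout described above and lists the logins tied to a monitored domain. It is an added example, not code from the researchers or from any tool named in this article; the sample records, the `example.com` domain and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample in the URL:login:password layout (not real leaked data).
SAMPLE = """\
https://sso.example.com/login:alice@example.com:Winter2024!
https://sso.example.com/login:alice@example.com:Winter2024!
https://mail.example.com:8443/auth:bob@example.com:p@ss:word
android://token@com.example.app/:carol@example.com:hunter2
https://shop.other.test/account:dave@gmail.com:letmein
not a credential line
"""

def parse_line(line):
    """Split one 'URL:login:password' record into (host, login) or None.
    The URL itself contains colons (scheme, port) and so may the password,
    so the URL is taken to end at the first colon after its path begins."""
    line = line.strip()
    scheme = line.find("://")
    if scheme < 0:
        return None
    slash = line.find("/", scheme + 3)            # start of the URL path
    url_end = line.find(":", slash if slash >= 0 else scheme + 3)
    if url_end < 0:
        return None
    login, sep, _password = line[url_end + 1:].partition(":")
    if not sep or not login:
        return None
    host = urlsplit(line[:url_end]).hostname
    return (host.lower(), login.lower()) if host else None  # password dropped

def exposed_accounts(text, domains):
    """Return ({login: [hosts]}, stats) for records touching our domains."""
    seen, report = set(), {}
    stats = {"lines": 0, "parsed": 0, "unique": 0}
    for line in text.splitlines():
        stats["lines"] += 1
        rec = parse_line(line)
        if rec is None:
            continue
        stats["parsed"] += 1
        if rec in seen:                 # same pair repeated across datasets
            continue
        seen.add(rec)
        host, login = rec
        login_domain = login.rpartition("@")[2]
        if any(host == d or host.endswith("." + d) or login_domain == d
               for d in domains):
            report.setdefault(login, []).append(host)
    stats["unique"] = len(seen)
    return {k: sorted(v) for k, v in report.items()}, stats
```

The password field is discarded at parse time, since every listed account gets a reset and session revocation regardless of its value; the `stats` counters show how far a raw record count can exceed the number of distinct accounts.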
The sources of these datasets remain unclear, but experts believe that cybercriminals, and possibly some security researchers, are responsible for aggregating and leaking the information.
With credentials for virtually every major online service exposed, the implications are severe. Cybercriminals can use this data for:
- Account takeovers on social media, banking, and corporate platforms
- Identity theft and financial fraud
- Highly targeted phishing and social engineering scams
- Ransomware attacks and business email compromise (BEC)
Even a success rate of less than one percent could result in millions of compromised accounts.
Leaked From 320 Million Computers? Not Quite.
A staggering claim is making waves across the cybersecurity community: 16 billion credentials leaked, allegedly from 320 million infected computers. But is that really the case?
Cyber Security News spoke with Alon Gal, CTO at Hudson Rock, who provided insight into the situation. According to Gal, the math simply doesn’t add up.
“On average, an infected device holds around 50 sets of credentials. Based on that, you’d estimate around 320 million machines compromised. But this conclusion doesn’t reflect reality,” Gal explained.
He clarified that the dataset in question is likely a mix of older credentials stolen by legacy infostealer malware, previously leaked database records, and even artificially generated data—similar to the widely discussed ALIEN TXTBASE compilation.
“These leaks often include minor variations in login details or passwords designed to power brute-force attacks more effectively,” Gal added.
The data dump includes files labeled generically as “logins” or “credentials,” alongside others marked by regional or service-specific identifiers. One dataset includes 455 million records tied to Russian Federation sources; another contains over 60 million Telegram-associated credentials.
While this isn’t a fresh breach, the damage potential is very real. These credentials have been quietly circulating across dark web forums for some time until now, when they’ve been compiled and exposed publicly.
This structured data gives cybercriminals the tools they need for:
- Credential stuffing attacks
- Business Email Compromise (BEC)
- Targeted phishing campaigns
- Ransomware intrusions
- Identity theft
The inclusion of authentication tokens and session cookies within the leak is especially alarming. With these, attackers can access active user sessions without needing passwords, bypassing MFA and other login defenses altogether.
Even if less than 1% of the credentials are still valid, we’re talking millions of vulnerable accounts.
This massive exposure marks a fundamental shift in the cyber threat landscape. Credential harvesting has gone industrial. What used to be isolated leaks are now massive, organized datasets—weaponized for widespread attacks.
Organizations that still lack basic defenses like multi-factor authentication (MFA), regular credential rotation, or endpoint detection are sitting ducks.
What You Should Do
1. Lock Down Devices:
Infostealers typically infect via outdated software or vulnerable systems. Use EDR tools like Microsoft Defender or CrowdStrike to detect suspicious behaviors—keylogging, password harvesting, etc. Keep your OS, applications, and firmware fully patched.
Disable Office macros if unnecessary and enforce application whitelisting.
2. Strengthen Your Logins:
Require MFA on all accounts—especially admin, VPN, and cloud access.
Use strong, unique passwords via a password manager, and limit access to sensitive systems.
If you suspect a leak, reset credentials immediately, revoke sessions, and monitor login attempts using tools like Splunk or Azure Sentinel.
3. Monitor the Network:
Infostealers exfiltrate data over the internet. Use firewalls, DLP tools (e.g., Symantec), and intrusion detection systems to block data leaks.
Implement DNS filtering and segment your network to prevent lateral movement and callbacks.
4. Be Ready to Respond:
Have a NIST-compliant incident response plan and rehearse it. Use SIEM tools and behavioral analytics to spot anomalies early.
If breached, isolate the infected machines, investigate with memory forensics tools like Volatility, and restore from clean backups.
What Should Users Do?
Security experts urge everyone to take immediate action:
- Change passwords for all critical accounts, starting with email, banking, and social media
- Use unique, strong passwords for each account
- Enable multi-factor authentication (MFA) wherever possible
- Consider using a password manager to generate and store secure passwords
- Scan devices for infostealer malware before updating credentials
With 16 billion credentials exposed, vigilance is no longer optional, it’s critical for everyone.