History’s Largest Data Leak: 16B Passwords Exposed
Published On: June 19, 2025
A staggering 16 billion login credentials have been exposed in what experts are calling the largest password leak in internet history. The breach affects accounts tied to major platforms like Apple, Google, Facebook, Telegram, GitHub, and even government services.
Cybernews researchers confirmed the breach after analyzing 30 massive databases, each containing millions or even billions of credentials. The information was discovered across unsecured cloud platforms such as Elasticsearch and object storage instances. The leak includes combinations of usernames, passwords, and access tokens, and many of the datasets had never been seen before.
The datasets appear to be the work of various infostealers, malware designed to extract login data from infected devices. While it’s unclear who compiled and controlled the datasets, experts say it’s likely that both security researchers and cybercriminals had access to the exposed files, at least temporarily.
One of the most alarming aspects of the breach is the range of services it touches. With credentials spanning everything from email accounts to developer tools, VPNs, and social media, the implications are far-reaching.
“Think of any major service,” said Vilius Petkauskas of Cybernews. “It’s probably in there.”
Keeper Security CEO Darren Guccione called the leak “a blueprint for mass exploitation,” pointing out that this kind of intelligence allows bad actors to launch highly targeted phishing attacks and account takeovers at scale.
Guccione warned that many businesses remain vulnerable because of poor password practices and misconfigured cloud environments. He urged organizations to adopt zero-trust policies, privileged access management tools, and real-time monitoring solutions. For everyday users, he recommended switching to password managers, enabling two-factor authentication, and moving toward passkeys, a more secure login method increasingly promoted by companies like Google and Apple.
The breach could have serious consequences for the cryptocurrency sector. Analysts have already flagged concerns about attackers using the data to hijack crypto wallets and gain access to cloud-based seed phrases.
So far, there’s no clear way for individuals to check if their specific credentials were exposed, but experts say that may change as more details emerge.
For now, security researchers are urging both users and companies to act fast—change passwords, review account activity, and bolster security before it’s too late.