In what’s being called one of the biggest data breaches in internet history, security researchers have discovered over 16 billion usernames and passwords exposed online. This includes login details from popular services like Apple, Gmail, Facebook, Telegram, and even sensitive platforms like corporate and government portals.
According to Cybernews, researchers found at least 30 large datasets this year alone. Each dataset includes up to 3.5 billion login details. Researchers believe this is not just a leak, it’s a potential blueprint for mass cyberattacks and identity thefts.
“This is not just a leak, it’s a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing. What’s especially concerning is the structure and recency of these datasets — these aren’t just old breaches being recycled. This is fresh, weaponisable intelligence at scale,” researchers were quoted as saying in the report.
The data was collected using infostealer malware, a type of software that secretly steals information from infected devices or poorly protected servers. What makes this data breach even more dangerous is that the leaked information is well-organised. Each file neatly lists the website, username and password, making it easy for hackers to use.
One file with 455 million records appears to be linked to Russia, while another file with 60 million credentials is connected to Telegram. Although these files were only available online briefly, that was enough time for cybercriminals to download and save them for future use.
With the huge amount of data in the wrong hands, many people are now at risk of being hacked, scammed or impersonated online.
Also read: Meta wanted to buy OpenAI co-founder’s startup but settled for hiring its CEO: Report