In what cybersecurity experts are calling the largest credential breach in history, nearly 16 billion usernames and passwords have been leaked online, compromising user accounts on major platforms including Apple, Facebook, Google, GitHub, Telegram, and even government services.
The leak was uncovered by researchers at Cybernews, who confirmed the dataset includes more than 30 distinct breaches — each containing tens of millions to billions of records. Lead researcher Vilius Petkauskas warned that the data is “fresh, weaponisable intelligence,” not simply a rehash of older leaks.
Also Read: MoneyGram Suffers Cyberattack Compromising Sensitive Customer Data
Researchers say the breach includes email addresses, usernames, and passwords structured in a format that enables easy use in phishing attacks, identity theft, and automated account takeovers. Many of the compromised credentials are tied to still-active accounts across social media, developer tools, VPN services, and government websites.
Keeper Security, a prominent password management company, responded to the news by urging organizations and individuals to adopt stronger security practices such as multi-factor authentication and passkeys. “This level of data exposure presents a very real threat to global cybersecurity,” the company stated.
Experts believe the breach was orchestrated through a coordinated campaign using advanced infostealer malware. The dataset’s highly structured format, which includes source URLs alongside credentials, increases the risk of widespread exploitation if swift protective measures are not taken.
