In what cybersecurity experts are calling the largest data breach in history, more than 16 billion login credentials have been discovered exposed online. The massive leak was uncovered by researchers from Cybernews as part of an ongoing investigation into compromised data sources.
The breach involves an unprecedented number of user records compiled in at least 30 separate datasets, each containing between tens of millions and over 3.5 billion entries. According to Cybernews, the leaked information includes email addresses, usernames, and passwords linked to major online platforms, including Apple, Google, Facebook, Telegram, GitHub, and several government services.
Researchers believe the data was likely collected using modern “infostealer” malware, which infiltrates devices and silently extracts login credentials. The structure of the leaked data — which typically begins with a website URL, followed by usernames and passwords — is consistent with the output of such malware.
“With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeovers, identity theft, and highly targeted phishing attacks,” the Cybernews team warned.
What makes this breach particularly alarming is that it does not appear to be a compilation of outdated or recycled leaks. Instead, the data is believed to be recent and highly exploitable. “This is fresh, weaponizable intelligence at scale,” the researchers emphasized.
While the origin of the breach is still under investigation, its scale has raised urgent concerns among cybersecurity professionals, tech firms, and privacy advocates. Many experts fear a surge in cyberattacks as hackers take advantage of the vast trove of stolen information.
Cybernews urged the public to take immediate action to safeguard their digital security. Recommendations include updating all passwords, using a password manager to generate strong, unique credentials, and enabling multi-factor authentication wherever possible. Users are also advised to run comprehensive antivirus and anti-malware scans to detect and remove infostealer software that may still be operating on their systems.
“This incident underscores the critical need for robust cybersecurity practices,” the researchers said. “Individuals, companies, and governments must all stay vigilant, because no one is immune.”
As authorities continue to assess the scope of the breach, cybersecurity firms worldwide are collaborating to analyze the datasets and alert affected users.
