World
• Researchers found 30 datasets exposing billions of logins from global platforms and services
• Information came from infostealer malware and leaked on unsecured online storage systems
• Exposed data includes major services like Apple, Facebook, Google, and government portals
A massive data leak has exposed over 16 billion login credentials, making it one of the largest breaches ever recorded. The credentials were found by the Cybernews research team across 30 separate datasets, each containing anywhere from tens of millions to more than 3.5 billion records.
The leaked data includes usernames, passwords, cookies, and other metadata typically harvested by infostealer malware. These programmes steal personal information from devices and package it into structured datasets—most of which include a URL followed by login details and a password.
“This is not just a leak – it’s a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing,” researchers said. “What’s especially concerning is the structure and recency of these datasets – these aren’t just old breaches being recycled. This is fresh, weaponizable intelligence at scale.”
Information in the leaked datasets opens the doors to practically every major online service imaginable. Platforms such as Apple, Facebook, Google, GitHub, Telegram, and even government services are among those affected. With 16 billion records exposed, few services appear untouched.
Most of the datasets were accessible only briefly, just long enough for researchers to find them. They were stored on unsecured systems like open Elasticsearch instances or cloud-based object storage. However, researchers were unable to identify who was controlling or collecting the vast volumes of data.
The datasets varied in size and naming. One of the smallest, named after malware, contained over 16 million records. The largest—likely connected to the Portuguese-speaking population—held over 3.5 billion records. A set with 455 million records appeared to originate from the Russian Federation, while another with over 60 million records referenced Telegram.
Some of the names offered hints about the origins of the data, though many were too generic—like “logins” or “credentials”—to reveal much. Still, the presence of structured data and modern infostealer logs suggests the threat is ongoing and current.
“The inclusion of both old and recent infostealer logs – often with tokens, cookies, and metadata – makes this data particularly dangerous for organizations lacking multi-factor authentication or credential hygiene practices,” the team said.
How to Protect Yourself
Experts warn that while you may not know if your data was included, there are critical steps you can take:
• Change your passwords immediately – Focus first on emails, banks, and cloud accounts. Use strong, unique combinations for each platform.
• Enable multi-factor authentication (MFA) – This adds a layer of protection even if your password is stolen.
• Use a password manager – These tools create and store secure passwords so you don’t reuse weak ones.
• Scan your devices for malware – Infostealers may still be active. Use trusted antivirus software to scan and remove threats.
• Check if your data was leaked – Use trusted sites like haveibeenpwned.com to see if your email or passwords were exposed.
• Watch for phishing attempts – Be cautious of emails or texts that ask for login details or financial info.
• Review recent logins – Most major services let you see where your account was last accessed. Look for anything unusual.
Although it’s unclear who owns these datasets, the threat they pose is real. Practising basic cyber hygiene remains your best defence.