Researchers announced the discovery of what seems to be the largest data breach ever recorded, with an astonishing 16 billion login credentials exposed online. The ongoing investigation, which began earlier in 2025, suggests that the credentials were collected through multiple infostealer malware strains.
The report published by CyberNews, says:
- The records are scattered across 30 different datasets, and some records are or might be overlapping
- The data most likely comes from various infostealers
- The data is recent, not merely recycled from old breaches
The data, structured by URL, login, and password, targets services like Apple, Google, Facebook, Telegram, GitHub, and some government portals.
The only silver lining here is that all of the datasets were exposed only briefly: long enough for researchers to uncover them, but not long enough to find who was controlling vast amounts of data. Most of the datasets were temporarily accessible through unsecured Elasticsearch or object storage instances.
How should we all boost our online protection?
- Use long and complex passwords
- Enable multi-factor authentication (MFA) whenever it is offered
- Use biometric authentication if available, such as fingerprint recognition and facial scan
- Use password managers
- Change old passwords to stronger passwords
- When you receive a text message or an email, don’t trust anyone
Read more about it here.