Researchers Discover Massive Data Leak Exposing 16 Billion Login Credentials

Cybersecurity researchers have discovered one of the largest breaches in history, involving several collections that expose over 16 billion login credentials from multiple online platforms, including Facebook, Apple, GitHub, and Google.

According to a report by Cybernews, its team of experts suspects that some of these collections—which include over 30 datasets with an average of 550 million records—belong to cybercriminals. The datasets vary significantly in size and language, with some in Portuguese and Russian. Researchers determined that most of the data originates from various infostealers—malicious software used to harvest sensitive information.

Cybernews’ research team explained that none of the discovered collections had been previously disclosed, except for one: the massive unsecured database that leaked 184 million login credentials reported a few days ago. However, the newly discovered collection includes an even larger dataset, such as one with more than 3.5 billion records.

The cybersecurity experts shared their thoughts and concerns about this colossal discovery and its implications.

This is not just a leak – it’s a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing.

The experts also explained that massive datasets continue to emerge every week, highlighting just how powerful modern infostealers have become. Fortunately, many of the exposed credentials appear to have been only temporarily accessible.

Although it’s impossible to determine exactly how many people were affected—as the different datasets could not be compared—most of them had a similar structure: URL, login information, and password. That order suggests that actors gathering the collections used modern infostealers.

Researchers warned that this large collection of login credentials could be used for multiple attacks, including phishing campaigns, ransomware intrusions, account takeovers, and business email compromise.

“The inclusion of both old and recent infostealer logs – often with tokens, cookies, and metadata – makes this data particularly dangerous for organizations lacking multi-factor authentication or credential hygiene practices,” added the team.