Cybersecurity researchers uncovered a massive breach, with 16 billion passwords leaked in one of the biggest data exposures ever.
The data trove, revealed by the Cybernews research team, could grant cybercriminals access to a wide range of online services and personal accounts.
The researchers found 30 exposed datasets, each containing tens of millions to over 3.5 billion records.
Most of the data includes a URL followed by login credentials and passwords, a format commonly collected by infostealer malware.
Leaked Data Originates from Malware and Old Breaches
Cybernews said the datasets appear to be a mix of credential-stuffing compilations, stealer malware output, and previously repackaged leaks.
Researchers caution that some claims about stolen credentials from major platforms like Facebook, Apple, and Google exaggerate the facts.
“It’s hard to miss anything when 16 billion records are on the table,” the researchers noted.
However, the true number of unique records remains uncertain due to potential duplication across datasets.
Cybercriminals Could Use the Leak for Identity Theft and Phishing
Cybercriminals now have unprecedented access to personal information from the leak, enabling them to carry out account takeovers, identity theft, and phishing attacks.
Cybernews reported that security professionals may have compiled some of the data for monitoring, but cybercriminals almost certainly possessed some of the datasets.
Aggregated databases are especially valuable for criminals looking to scale their attacks.
How to Protect Yourself After a Breach
According to cybersecurity experts cited by CBS News, taking immediate action following a data breach is critical to safeguarding your personal information.
For those who struggle to memorise numerous complex passwords. A reliable password manager or the use of passkeys can simplify this task while greatly enhancing security.
These tools generate strong, unique passwords and store them securely.
In addition, enabling multifactor authentication, whether through a mobile phone, email, or a physical USB authenticator key, adds an essential second layer of protection.
This extra step makes it significantly more difficult for unauthorised users to access your accounts, even if they obtain your login credentials.
Maintaining strong cyber hygiene practices is essential today. Data breaches are becoming more common. Risks to personal privacy and financial security are higher than ever.
Have you ever checked whether a data breach leaked your passwords?
Let us know by leaving a comment below, or send a WhatsApp to 060 011 021 1.
Subscribe to The South African website’s newsletters and follow us on WhatsApp, Facebook, X, and Bluesky for the latest news.
