Cybersecurity experts have found a massive and mysterious database containing around 16 billion stolen login credentials, making it one of the biggest data breaches ever recorded. The leaked data includes sensitive information from some of the world’s top tech companies like Apple, Facebook, Google, and even government websites across different countries.
This massive breach has raised serious concerns about online safety. Hackers may now have access to private login details, which could lead to identity theft, account takeovers, and phishing attacks.
The discovery was made by researchers at CyberNews, who revealed that the leaked data came from various sources. These include past data leaks, malware that steals information from devices, and repackaged data collected by cybercriminals. Since the start of this year alone, experts have found 30 separate datasets, each containing tens of millions to over 3.5 billion records—bringing the total to nearly 16 billion leaked credentials.
This breach didn’t just affect a single platform or country. It targeted a wide range of services—from social media platforms and developer tools to VPNs, corporate systems, and even government portals. Big names like GitHub and Telegram are also on the list of affected services.
What’s more alarming is that most of these datasets were not found in earlier breaches, which means a majority of this data is new. The stolen data is organised in a clear pattern, usually listing the website first, followed by usernames and passwords. This format is commonly used by cybercriminals to make the data easier to use and sell.
The smallest batch of data held over 16 million login credentials, while the largest had more than 3.5 billion. On average, each set contained about 550 million stolen logins.
This breach is a wake-up call for everyone. People are being urged to change their passwords, enable two-factor authentication, and stay alert to suspicious emails or messages to protect themselves from potential cyber attacks.
