A STAGGERING 16 billion login credentials have been exposed and compiled into datasets available online, granting cybercriminals “unprecedented access” to everyday user accounts, according to researchers from cybersecurity publication Cybernews.
AP reported today that the revelation comes from a recent Cybernews report, which details the discovery of 30 datasets, each containing large volumes of compromised usernames and passwords, spanning major platforms such as Google, Facebook and Apple.
“To put it into perspective, 16 billion is nearly double the world’s current population,” the researchers noted, suggesting that many individuals have had multiple accounts exposed. However, Cybernews added, “it’s impossible to tell how many people or accounts were actually exposed” due to likely duplication within the data.
The leak does not stem from a single security breach but rather appears to be the result of multiple cyberattacks over time, with data amassed, collated, and briefly exposed online. This is when Cybernews researchers were able to access and analyse the information.
The most probable culprits are infostealers — malicious software designed to infiltrate devices or systems to extract sensitive information. These types of malware are often spread through phishing attacks, malicious websites, or compromised downloads.
Uncertainty remains over who currently holds the data or how it might be used, but experts continue to stress the importance of practising good “cyber hygiene” in the face of rising global data breaches.
For those concerned that their login information may have been compromised, cybersecurity professionals recommend immediately updating passwords — and ensuring that the same password is not reused across multiple accounts. Using a password manager or passkey system can help users maintain strong, unique passwords. Additionally, activating multifactor authentication provides an essential second layer of protection, using verification through a mobile device, email or a USB security key.
With digital threats continuing to evolve, the latest findings serve as a sobering reminder of the importance of proactive personal cybersecurity. – June 21, 2025
