Around 16 Billion Passwords Exposed in a 2025 Data Breach: Global High Alert

“A massive infostealer breach exposed 16 billion logins, risking widespread phishing and identity theft; change passwords and enable MFA now.”
One of the largest password dumps in internet history has been validated by a startling new report. More than 16 billion login credentials were stolen in a historic breach discovered by Cybernews and Forbes, making it the largest leak ever documented. Right now, there is an incredible risk to global digital security because of this massive data leak.
Report
Cybersecurity researchers found more than 16 billion stolen login credentials that were just put up for sale online. Experts say that if this trove is not dealt with, it could lead to phishing attacks, identity theft, and account takeovers all over the world, as per a report.
WION, Report
Since it creates the framework for widespread identity theft, account takeovers, and targeted phishing attacks, the breach is more than just a leak; it is a blueprint for mass exploitation, as per a report by WION.
Infostealer malware was used to extract the data, which is brand-new, highly structured, and not the remains of previous breaches.
Forbes Report
Researchers involved in an investigation that began early this year believe that several infostealers were responsible for the massive password leak.
In this highly technologically evolved society, almost everything is at risk if a password is compromised.
Google is advising billions of users to change their passwords to much more secure passkeys because of this.
Merca20
The FBI is cautioning people against clicking on links in SMS messages because of this. This is the reason why anyone with even a small sum of money can purchase stolen passwords on the dark web, as per a report by Merca20.
Vilius Petkauskas, Cybernews
30 exposed datasets with tens of millions to over 3.5 billion records each have been found, bringing the total number of compromised records to 16 billion, according to Vilius Petkauskas at Cybernews.
How did this password leak happen?
The password leak took place in the following ways:
- Instead of being repurposed breaches, these credentials represent new, weaponizable intelligence at scale, making them an ideal target for phishing and account takeover attempts.
- Most of the data was arranged as a URL, which was followed by a password and login information.
- Its contents make it possible to access practically every internet service, including those provided by Apple, Facebook, Google, GitHub, and Telegram, as well as governmental organizations.
- This is how modern infostealer activity is typically identified.
What can you do to stay safe?
You can follow the steps below to stay safe:
- Investing in password management software and dark web surveillance solutions is essential since these credentials have wide-ranging implications.
- People should use multi-factor authentication whenever feasible, choose strong, one-of-a-kind passwords, and be alert to any efforts to steal login information.
- Experts advise utilizing a password manager and, if possible, moving to passkeys, warning that this is the moment to treat the threat and its massive implications seriously.
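A defender-side check built on the record layout described above (a URL with login information and a password) and on the advice to monitor for exposed credentials, as an added example that is not from the article or the reports it cites. It reports which of an organization's accounts appear in a set of records and whether the same password recurs across sites, without keeping any plaintext password. The colon delimiter, the URL:login:password field order, the `example.com` domain and the sample records are assumptions constructed for illustration.

```python
import hmac
import secrets
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records (not real data); assumed layout URL:login:password.
SAMPLE_LOG = """\
https://sso.example.com/login:alice@example.com:Winter2025!
https://mail.example.com:8443/auth:bob@example.com:p:ss:word
https://github.com/session:alice@example.com:Winter2025!
https://shop.other.test/account:dave@other.test:letmein
not a credential line
"""

def parse_line(line):
    """Return (url, login, password), or None when the line is malformed."""
    line = line.strip()
    scheme_end = line.find("://")
    if scheme_end == -1:
        return None
    # The URL has its own ':' (scheme, port); it ends at the first ':' after its path.
    path_start = line.find("/", scheme_end + 3)
    url_end = line.find(":", path_start if path_start != -1 else scheme_end + 3)
    if url_end == -1:
        return None
    # Passwords may contain ':', so split only once after the login.
    login, sep, password = line[url_end + 1:].partition(":")
    if not (sep and login and password):
        return None
    return line[:url_end], login, password

def exposure_report(log_text, org_domain):
    """Map each exposed org login to the hosts it leaked for and a reuse flag."""
    key = secrets.token_bytes(32)  # per-run HMAC key: no plaintext is kept
    seen = defaultdict(lambda: defaultdict(set))  # login -> fingerprint -> hosts
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        url, login, password = rec
        if not login.lower().endswith("@" + org_domain):
            continue
        fp = hmac.new(key, password.encode(), "sha256").hexdigest()
        seen[login.lower()][fp].add(urlsplit(url).hostname or "unknown")
    return {login: {"hosts": sorted(set().union(*fps.values())),
                    "password_reused": any(len(h) > 1 for h in fps.values())}
            for login, fps in seen.items()}, skipped
```

Accounts in the returned report are candidates for a forced password reset and MFA enrollment; a `password_reused` flag marks logins where one password was exposed for more than one site.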
Where did the leaked credentials come from?
The compromised credentials appear to have come from infostealer logs, repackaged breaches, and credential stuffing lists. Infostealers are malicious software applications that discreetly gather user credentials from compromised systems and upload them to services or databases controlled by malevolent actors, or inadvertently leave them exposed.
About The Author
Suraj Koli is a content specialist in technical writing about cybersecurity & information security. He has written many amazing articles related to cybersecurity concepts, with the latest trends in cyber awareness and ethical hacking.