16 billion passwords leaked in largest data breach ever, cybersecurity experts issue wake-up call

Researchers have confirmed the largest data breach ever, with almost 16 billion login credentials, including passwords, being exposed. Researchers part of an investigation that started early this year suggest that the massive password leak is the work of multiple infostealers, said a Forbes report. If a password gets compromised, it leads to the compromise of almost everything in this technological-centric world. And that’s’ why Google is telling billions of users to replace their passwords with much more secure passkeys. It’s why the FBI is warning people not to click on links in SMS messages. It’s why stolen passwords are up for sale on the dark web to anyone with even a little amount of cash.

According to Vilius Petkauskas at Cybernews, “30 exposed datasets containing from tens of millions to over 3.5 billion records each,” have been discovered. In total, the number of compromised records has now hit 16 billion, making it the largest such leak in history.

None of these datasets were reported as leaked previously, so this is all new data.

“This is not just a leak – it’s a blueprint for mass exploitation,” the researchers said.

“These credentials are ground zero for phishing attacks and account takeover. These aren’t just old breaches being recycled, this is fresh, weaponizable intelligence at scale,” they warned.

Most of that intelligence was structured in the format of a URL, followed by login details and a password. The information in it opens the door to “pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services.”

‘Always choose strong passwords’

The credentials in question are of high value for widely used services and carry far-reaching implications, and hence it is highly important to invest in password management solutions and dark web monitoring tools. The latter helps by alerting users when their passwords get exposed online, hopefully enabling them to take direct action and update their account logins if the password has been reused across services.

‘Never share your passwords’

The massive leak and its implications reinforce that cybersecurity is not just a technical challenge but a shared responsibility. People need to remain vigilant and mindful of any attempts to steal login credentials. They should choose strong and unique passwords and implement multi-factor authentication wherever possible.

Experts suggest using a password manager and switching to passkeys wherever possible and warn that now is the time to take the threat and its humongous risks seriously.