🚨 URGENT: 16 BILLION passwords leaked!
If you use Google, Apple, Facebook, or Telegram—your login could be in hackers’ hands. TAKE ACTION NOW!✅ Change passwords IMMEDIATELY
✅ Use a password manager (like Kaspersky) for strong, unique passwords
✅ Turn on 2FA—hackers can’t… pic.twitter.com/yvU1ilNVrS— Kaspersky (@kaspersky) June 20, 2025
In an alarming discovery, cybersecurity researchers have identified a significant data breach that has resulted in the leakage of over 16 billion passwords. This breach, affecting platforms such as Google, Apple, Telegram, and various government agencies, stands as the largest data compromise in history. The datasets, uncovered recently, revealed an average of 550 million passwords per dataset.
These credentials were extracted through infostealing malware, targeting social media, corporate platforms, VPNs, and developer portals.
Well, that explains the traffic: 2.46M visitors to Have I Been Pwned in 24 hours, mostly from Google searches. The inbound traffic is near unprecedented, with only the Collection 1 credential stuffing list in Jan 2019 and the Facebook scrape in April 2021 coming close. pic.twitter.com/li7qvfy9tk
— Troy Hunt (@troyhunt) June 21, 2025
The breach encompasses 30 distinct datasets, some containing up to 3.5 billion records each, spanning accounts from GitHub, Telegram, and other services. This is not just a leak – it’s a blueprint for mass exploitation,” cybersecurity experts warned.
One million visitors to Have I Been Pwned in half a day. The “16B” breached records headlines are driving a lot of traffic, especially given we haven’t actually loaded any data! pic.twitter.com/gMMQIdQrqe
— Troy Hunt (@troyhunt) June 20, 2025
With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing.
The majority of the leaked data includes information obtained from stealer malware, credential stuffing sets, and repackaged leaks. Typically, the datasets follow a consistent pattern, featuring a URL, username, and password, which mirrors the way infostealing malware collects and transmits data to hackers.
16 billion passwords exposed
Moreover, these datasets contained additional malicious tools such as tokens, cookies, and metadata, posing a significant risk to companies without multi-factor authentication. The exposed datasets are often exploited for phishing campaigns, ransomware attacks, business email compromise, and unauthorized account access. To mitigate the risk, Telegram emphasized that its primary login method relies on a one-time password delivered via SMS, making it less vulnerable compared to platforms that use static passwords.
For individuals concerned about their compromised information, installing reliable antivirus software and conducting thorough security scans is crucial. Additionally, services that monitor data breaches can help users check if their personal information has been exposed. It is also advised to use strong, unique passwords that combine letters and numbers to improve account security.
This massive breach follows previous incidents, such as last year’s “Mother of All Breaches,” which saw over 26 billion records leaked. The frequency and scale of these data breaches underscore the growing cybersecurity challenges globally. The cybersecurity community continues to stress the importance of robust security measures and vigilance to counteract these increasingly sophisticated cyber threats.
Deanna Ritchie is a managing editor at DevX. She has a degree in English Literature. She has written 2000+ articles on getting out of debt and mastering your finances. She has edited over 60,000 articles in her life. She has a passion for helping writers inspire others through their words. Deanna has also been an editor at Entrepreneur Magazine and ReadWrite.
