Record-breaking data breach with 16 billion passwords surfaces online

  • Marijan Hassan - Tech Journalist
  • 3 days ago
  • 2 min read

In one of the largest data exposures in history, cybersecurity researchers have uncovered a staggering 16 billion stolen login credentials across 30 unreported datasets. The discovery, led by the Cybernews research team and contributor Bob Diachenko, reveals a shift in how stolen data is being channeled: from isolated leaks to massive, centralized repositories of sensitive information.

Cybernews researcher Aras Nazarovas called the shift “a wake-up call” for defenders. He also warned that exposed cookies and tokens could allow attackers to bypass two-factor authentication and hijack accounts even after passwords are changed.


The datasets include credentials from virtually every corner of the internet - Apple, Google, Facebook, Telegram, GitHub, Zoom, and government services among them. “This is not just a leak – it’s a blueprint for mass exploitation,” researchers warned. “These aren’t recycled breaches. This is fresh, weaponizable intelligence.”


Leaked data collected via infostealer malware

Most of the exposed data was harvested by infostealer malware, malicious software designed to extract login credentials, cookies, tokens, and session data from infected systems. The structure of the data was consistent: login URLs followed by usernames and passwords.


Although some records may be duplicated across datasets, the presence of recent infostealer logs indicates that millions of individuals and organizations remain at risk, especially those without multi-factor authentication or proper credential hygiene.


Despite media speculation, no centralized breach occurred at tech giants like Apple, Google, or Facebook. However, credentials tied to these platforms do appear in the stolen datasets.


“The inclusion of login pages for major platforms doesn’t prove a breach,” Diachenko clarified. “But it shows how far-reaching the impact of infostealer malware really is.”


What you can do to stay safe

Experts urge users to take immediate precautions:

  • Change passwords across all online accounts, especially reused ones

  • Enable 2FA wherever possible

  • Monitor accounts for suspicious activity

  • Avoid storing credentials in browsers or unsecured apps

  • Run antivirus scans to check for infostealer infections
