Security researchers have uncovered one of the largest data breaches in history, involving 16 billion login credentials across 30 distinct datasets.
This leak—primarily sourced from infostealer malware—exposes credentials for major platforms including Apple, Facebook, Google, GitHub, Telegram, and government services.
The data is fresh and highly structured, differing from recycled breaches, and creates a “blueprint for mass exploitation,” enabling phishing, identity theft, and account takeovers.
Technical Breakdown of the Breach
Researchers at Cybernews identified 30 datasets exposed via unsecured Elasticsearch instances and cloud storage since January 2025.
Key characteristics include:
| Dataset Feature | Details |
|---|---|
| Total Records | 16 billion |
| Dataset Size Range | Tens of millions to 3.5 billion records per dataset |
| Data Freshness | Newly harvested (not recycled from past breaches) |
| Primary Source | Infostealer malware (e.g., AgentTesla, Lumma, Vidar) |
| Structure | URL + username/email + password format |
| Notable Datasets | 3.5B records (Portuguese-speaking), 455M (Russian-linked), 60M (Telegram) |
Only one dataset (184 million records) had been previously reported; the remaining 29 were newly discovered.
The data’s recency and organization make it “weaponizable intelligence at scale,” with tokens and metadata amplifying risks for organizations lacking multi-factor authentication.
Global Implications and Mitigation
This breach fuels unprecedented cyber risks:
- Credential stuffing: Attackers use leaked credentials to hijack accounts across services.
- Phishing escalation: AI tools (e.g., deepfakes) leverage stolen data for targeted scams.
- Ransomware pathways: 54% of ransomware victims had credentials in infostealer logs.
Critical steps for protection:
- Reset passwords immediately for high-value accounts (email, banking, social media).
- Adopt passkeys or password managers to generate unique credentials.
- Enable multi-factor authentication universally to block unauthorized access.
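
To turn the URL + username/email + password record layout described above into a password-reset queue, a defender can triage exposed records as in this added example, which is not code from Cybernews or the original post. The `:` delimiter, the `ORG_DOMAINS` set, the function names and the sample lines are assumptions constructed for illustration; passwords are discarded at parse time.

```python
from collections import defaultdict
from urllib.parse import urlsplit

ORG_DOMAINS = {"example.com"}  # assumption: domains your organization owns

# Constructed sample records (not real leaked data); ':' delimiter is assumed.
SAMPLE = [
    "https://mail.example.com/login:alice@example.com:Summer2025!",
    "https://sso.example.com:8443/auth:bob@example.com:p@ss:word",
    "https://shop.other.test/:alice@example.com:hunter2",
    "https://vpn.example.com/:dave@gmail.com:qwerty",
    "https://notexample.com/:erin@notexample.com:letmein",
    "malformed line without fields",
]

def parse_record(line):
    """Return (url, login) or None. A ':' inside the URL path would be misread."""
    scheme_end = line.find("://")
    # Start the search at the path so "https:" and an optional ":port" are skipped.
    path_start = line.find("/", scheme_end + 3) if scheme_end >= 0 else -1
    url_end = line.find(":", path_start) if path_start >= 0 else -1
    if url_end < 0:
        return None
    # The password may itself contain ':'; it is only checked for presence, then dropped.
    login, sep, password = line[url_end + 1:].partition(":")
    if not (login and sep and password):
        return None
    return line[:url_end], login

def in_org(name):
    """True if name equals an org domain or is a subdomain of one."""
    name = (name or "").lower()
    return any(name == d or name.endswith("." + d) for d in ORG_DOMAINS)

def reset_queue(lines):
    """Map each affected login to the sorted hosts it was captured on."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse_record(line.strip())
        if rec is None:
            continue
        url, login = rec
        host = urlsplit(url).hostname or "unknown"
        # Flag corporate identities used anywhere, and any identity used on corporate hosts.
        if in_org(login.rpartition("@")[2]) or in_org(host):
            hits[login.lower()].add(host)
    return {login: sorted(hosts) for login, hosts in hits.items()}

if __name__ == "__main__":
    print(reset_queue(SAMPLE))
```

The suffix match requires a leading dot, so a lookalike such as `notexample.com` is not treated as part of `example.com`.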
The scale of this breach—equivalent to two credentials per person alive—underscores the critical need for enhanced credential hygiene and corporate security overhauls.
As infostealer malware surges (tripling in 2023–2024), proactive defense is non-negotiable.
The post 16 Billion Passwords Leaked from Major Tech Platforms, Including Apple and Google appeared first on Cyber Security News.
