In one of the largest data breaches in history, cybersecurity researchers have confirmed the leak of 16 billion login credentials, including passwords.
The information leak can open the door to “pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services”, according to a report in Forbes.
The development comes in the backdrop of multiple reports highlighting the presence of a “mysterious database” containing 184 million records — sitting unprotected on a web server.
The latest research suggests that it may have been just the tip of the iceberg.
As per the outlet, the researchers have uncovered 30 datasets, with each of them containing up to 3.5 billion records. The information, which includes social media and VPN logins as well as corporate and developer platforms, is contained in datasets that have been found since the start of 2025.
Researchers suggest that credential leaks at this scale can be exploited for phishing campaigns, account takeovers and business email compromise (BEC) attacks.
