In early 2025, a massive data breach exposed login credentials from major tech platforms including Apple, Facebook, and Google. Researchers have since discovered that more than 16 billion login details were compromised.

Exposed Datasets

A total of 30 datasets containing tens of millions to over 3.5 billion records have been uncovered. These records include credentials from social media, virtual private networks (VPNs), developer portals, and user accounts for a wide range of services.

Format and Usage

The leaked data is mostly structured as URLs followed by login details and passwords. These credentials are used across various online services, such as Apple, Facebook, Google, GitHub, Telegram, and numerous government services.

Cyber Threats

This breach could lead to phishing attempts, account takeovers, ransomware attacks, and business email compromise (BEC) scams. The FBI warns about suspicious SMS messages containing links that may be related to these threats.

Shared Cybersecurity Responsibility

Experts stress the importance of using password management solutions and dark web monitoring tools. Basic security practices, like not reusing passwords across multiple sites, are crucial.

Securing credentials is a shared responsibility between organizations and individuals. Companies should protect their users, while people must remain vigilant against attempts to steal login information.

Moving towards more secure passwordless authentication methods, such as passkeys, is recommended. Password managers can help generate strong passwords, store them securely, and alert users in case of a breach.

Previous Incidents

This incident follows a similar data breach from May 2025, where over 184 million account credentials were found in an online database. The earlier report revealed that these included usernames, passwords, emails, and URLs for social media apps and websites, as well as financial accounts, health platforms, and government portals.