16 billion login credentials leaked in unprecedented breach—Apple, Google at risk

Cybersecurity experts have uncovered one of the largest data breaches ever recorded—16 billion login credentials stolen and exposed online. The leaked data, which includes passwords, email addresses, and sensitive account details, threatens users of major platforms like Apple, Google, Facebook, GitHub, Telegram, and even government services.

Researchers warn that the sheer scale of this breach makes it a goldmine for hackers, enabling everything from phishing scams to corporate espionage. With 16 billion login credentials now circulating on the dark web, experts are urging immediate password changes and two-factor authentication (2FA) enablement.

30 datasets uncovered, each with up to 3.5 billion records

According to Forbes, the breach is massive, and, more worrying, it is still ongoing. Investigations reveal 30 separate datasets, some containing over 3.5 billion records each, all leaked since early 2025. These datasets include:

• Social media logins (Facebook, X, Instagram)

• Corporate and developer accounts (GitHub, Microsoft, AWS)

• VPN and email credentials

• Government and financial service logins

“This isn’t just recycled data from old breaches,” said one cybersecurity analyst. “We’re looking at fresh, weaponizable intelligence that hackers can exploit right now.”

The discovery follows earlier reports of a mysterious, unprotected database holding 184 million records. Experts now believe that was just a small fraction of the total breach.

“A blueprint for mass exploitation”: why this breach is different

Unlike past leaks, the exposure of 16 billion login credentials isn’t just about stolen passwords—it’s a systematic threat to global digital security.

• Phishing campaigns will surge, with hackers using real credentials to trick users.

• Business email compromise (BEC) attacks could drain corporate accounts.

• Account takeovers may lead to identity theft, fraud, and ransomware attacks.

“This leak is a cybercriminal’s dream,” warned a researcher. “With 16 billion login credentials available, attackers can bypass security measures and infiltrate almost any online service.”

Who’s affected? How to protect yourself

While the full list of impacted services remains under investigation, experts confirm that major tech giants, banks, and government portals are at risk. If you’ve reused passwords across sites, your accounts could be especially vulnerable.

Critical steps to secure your data:

1. Change passwords immediately—especially for email, banking, and social media.

2. Enable two-factor authentication (2FA) wherever possible.

3. Use a password manager to generate and store unique passwords.

4. Monitor accounts for suspicious activity.

5. Beware of phishing emails—hackers may use stolen data to craft convincing scams.

Is this the biggest breach in history?

The exposure of 16 billion login credentials dwarfs previous leaks, including Yahoo’s 3 billion accounts (2013) and Collection #1’s 773 million emails (2019).

What makes this breach uniquely dangerous is its recency and scale. Unlike older leaks, these credentials are actively being traded among cybercriminals, increasing the risk of real-time attacks.

What’s next? Cybersecurity experts sound the alarm

Governments and tech firms are scrambling to assess the damage, but the 16 billion login credentials leak underscores a harsh reality: no platform is truly safe.

“Users must assume their data is compromised and act accordingly,” said a leading cybersecurity firm. “This breach isn’t just a wake-up call—it’s a five-alarm fire for digital security.”

As investigations continue, one thing is clear: the age of mega-breaches is far from over.