Guwahati: Cybersecurity researchers have uncovered a vast database of over 16 billion usernames and passwords, representing the largest data breach on record, according to Cybernews.
These login details were stolen by cybercriminals using malware that targets information from social media, corporate websites, VPNs, and developer platforms.
Ready for a challenge? Click here to take our quiz and show off your knowledge!
The team discovered 30 different datasets, each containing millions to billions of records. These include accounts from major companies such as Google, Apple, Facebook, GitHub, and Telegram. Most of these datasets were new to the researchers, except for one containing 184 million passwords that had been reported previously.
Experts warn this is more than just a data leak. It is a blueprint for mass exploitation. Criminals can use this information for identity theft, account takeovers, and targeted phishing attacks. What is particularly worrying is that this data is recent and well-organized, not just old information being reused.
The datasets were briefly available online through unsecured storage, allowing researchers to find them but not trace who controlled the data.
Ready for a challenge? Click here to take our quiz and show off your knowledge!
Most of the leaked data includes URLs, usernames, and passwords, which is the typical format used by malware to collect and transmit stolen information. Due to overlaps with other breaches, it is difficult to determine exactly how many individuals were affected.
Stolen credentials are frequently used in phishing, ransomware attacks, email fraud, and account takeovers. Some datasets also included security tokens and other sensitive information, posing significant risks for companies that lack additional safeguards such as multi-factor authentication.
To stay protected, cybersecurity experts recommend using trusted antivirus software, running full system scans regularly, and avoiding simple passwords like “12345678” or “password.” Services such as Google One’s “Dark Web Report” can also help users check if their data has been compromised.