Security researchers have uncovered an unprecedented data breach involving 16 billion login credentials across 30 databases, potentially affecting users of major platforms including Facebook, Instagram, Gmail, Apple, and countless other services. The discovery, made by CyberNews researchers during an ongoing investigation since January 2025, represents what could be the largest credential leak in history.The massive trove of stolen data was briefly accessible through unsecured databases before being locked down, though researchers were unable to identify the owners. Most concerning is that virtually all datasets were previously unreported, with only one 184-million-record database having been disclosed before by Wired magazine in May.
Facebook, Instagram, and Gmail among compromised platforms
The leaked credentials span virtually every major online service imaginable, creating a “blueprint for mass exploitation,” according to the research team. The databases contain login information for social media giants like Facebook and Instagram, email services including Gmail, developer platforms such as GitHub, messaging apps like Telegram, VPN services, and even government portals.Each record typically follows a standard format: website URL, username, and password. This structure matches the collection methods used by infostealer malware, malicious software designed to harvest sensitive information from infected devices.
Fresh stolen data could fuel next wave of online crime
Unlike recycled data from old breaches, researchers emphasize this represents “fresh, weaponizable intelligence at scale.” The credentials provide cybercriminals with unprecedented access for account takeovers, identity theft, and highly targeted phishing campaigns that can devastate both individuals and organizations.CyberNews researchers warn that new massive datasets emerge every few weeks, highlighting the pervasive nature of infostealer malware in today’s digital landscape. The inclusion of recent logs with tokens, cookies, and metadata makes this data particularly dangerous for organizations lacking multi-factor authentication.
Immediate action required for all users
With approximately 5.5 billion people having internet access globally, the breach potentially affects multiple accounts per person. Security experts recommend immediate password changes across all online accounts, enabling multi-factor authentication wherever possible, and using password managers to generate unique, strong passwords.Users are also advised to regularly monitor their accounts and consider using services like “Have I Been Pwned” to check if their credentials have been compromised.