Cybernews analysts have recorded a massive data leak, resulting in over 16 billion passwords of users from leading online services, including Apple, Google, Facebook, GitHub, Telegram, and government portals, becoming publicly accessible. This incident has already been labeled the largest password leak in internet history.
This is reported by Finway
Scope and Features of the New Leak
Cybernews researcher Vilius Petkauskas reported that specialists discovered 30 separate datasets, each containing from tens of millions to over 3.5 billion records. A significant portion of the leaked information had not previously appeared in any known leaks, indicating its novelty and potential danger to users.
“This is not just a leak — it is a blueprint for mass exploitation. This is not repurposed old leaks, but new, extensive, vulnerable information,” experts noted.
According to specialists, the main threat lies in the structured nature of the leak: the data is presented in the form of URLs with logins and passwords, allowing malicious actors to quickly gain access to accounts on virtually any online platform. The leak was made possible by the activities of info stealers — malicious programs that steal users’ personal data.
Recommendations for Protecting Personal Data
Cybersecurity experts insist on immediately changing passwords for all critical services, implementing two-factor authentication, and using modern password managers. A gradual transition to passkeys — a new, more secure authorization format — is also recommended.
CEO of Keeper Security Darren Guccione emphasized that companies should adopt zero-trust models, which require access to systems only after passing authentication, authorization, and logging procedures.
Lead security consultant at KnowBe4 Yawad Malik stated:
“Cybersecurity is a shared responsibility. Organizations must protect users, and users, in turn, must remain vigilant and cautious.”
Experts warn that ignoring these recommendations could lead to new cyberattacks using the leaked passwords.
Earlier, in May 2025, a massive data leak at the cryptocurrency exchange Coinbase was reported, with losses reaching 400 million dollars. Following this incident, the U.S. Department of Justice initiated an investigation.