Skip to content
 
Search

Latest Stories

Record-breaking data breach exposes 16 billion credentials, raising global cybersecurity concerns

The records, uncovered by researchers at 'Cybernews'

Record-breaking data breach

The data is spread across 30 different datasets

iStock
Gayathri Kallukaran
By Gayathri KallukaranJun 20, 2025
Gayathri Kallukaran
Gayathri Kallukaran is a Junior Journalist with Eastern Eye. She has a Master’s degree in Journalism and Mass Communication from St. Paul’s College, Bengaluru, and brings over five years of experience in content creation, including two years in digital journalism. She covers stories across culture, lifestyle, travel, health, and technology, with a creative yet fact-driven approach to reporting. Known for her sensitivity towards human interest narratives, Gayathri’s storytelling often aims to inform, inspire, and empower. Her journey began as a layout designer and reporter for her college’s daily newsletter, where she also contributed short films and editorial features. Since then, she has worked with platforms like FWD Media, Pepper Content, and Petrons.com, where several of her interviews and features have gained spotlight recognition. Fluent in English, Malayalam, Tamil, and Hindi, she writes in English and Malayalam, continuing to explore inclusive, people-focused storytelling in the digital space.
See Full Bio
Follow:

A massive new cybersecurity report has revealed what experts are calling the largest data breach in history, involving over 16 billion login credentials. The records, uncovered by researchers at Cybernews, appear to come from a variety of sources and have raised alarm bells across the tech and cybersecurity industries.

Unprecedented scale of exposure

The data is spread across 30 different datasets, with individual troves containing between tens of millions and more than 3.5 billion credentials each. In total, the exposed records add up to 16 billion, a staggering number that equates to more than two credentials for every person on Earth.

Most of these credentials appear to have been collected through infostealer malware and other illicit methods. These tools typically capture usernames, passwords, tokens, cookies, and other metadata from compromised systems, packaging the data in a uniform structure, typically a URL followed by login details and passwords.

Not old data, but fresh and dangerous

What makes this breach especially concerning is the recency of the data. Researchers confirm that the datasets are not simply recycled from old breaches, but largely consist of new logs collected in recent months. Many include access credentials to services such as Apple, Facebook, Google, GitHub, Zoom, and Telegram.

Although some of the login pages referenced in the data are from popular global platforms, cybersecurity researcher Bob Diachenko clarified there was no centralised data breach at these tech giants. Instead, credentials linked to their login portals were likely captured via infostealers installed on individual users’ devices.

Multiple datasets, unclear ownership

The 30 datasets uncovered differ significantly in size and origin. The largest, containing over 3.5 billion records, is suspected to be linked to Portuguese-speaking regions. Other datasets hint at Russian sources or specific platforms like Telegram. Many have generic names such as “logins” or “credentials”, providing little insight into their exact source.

Despite the vast quantity of data, the researchers have been unable to identify a single entity behind the breach. It remains unclear whether the datasets were compiled by security researchers monitoring for leaks or by cybercriminal groups aggregating stolen information for exploitation.

While the datasets were only briefly exposed — typically via unsecured Elasticsearch or cloud storage instances — this short window was enough for experts to confirm their contents and raise concerns.

A blueprint for cybercrime

Experts warn that this is not merely a leak, but “a blueprint for mass exploitation.” The exposed credentials, which include sensitive data such as tokens and cookies, could be used for a range of attacks: from account takeovers and identity theft to ransomware campaigns and targeted phishing.

This kind of large-scale credential exposure is particularly dangerous for organisations lacking robust cybersecurity measures, including multi-factor authentication (MFA). Without these defences, hackers could easily use stolen credentials to breach systems and escalate attacks internally.

How users and organisations can respond

With the source of the leak uncertain and the extent of the damage unclear, there are few direct actions individuals can take. However, cybersecurity experts strongly recommend several key practices:

  • Use a password manager to generate and store strong, unique passwords for each service.
  • Enable multi-factor authentication (MFA) wherever possible.
  • Regularly review accounts for unauthorised activity.
  • Run regular malware scans to detect and remove infostealers.

Diachenko, who contributed to the Cybernews report, stressed that while the breach doesn’t indicate failures at platforms like Facebook or Google, it still poses a widespread risk. “Credentials we’ve seen in infostealer logs contained login URLs to Apple, Facebook, and Google login pages,” he noted.

This implies that while the platforms themselves may be secure, any user who has been compromised by infostealer malware could unknowingly provide cybercriminals access to those services.

A reminder of growing data breach risks

This record-setting exposure is just the latest in a growing trend of large-scale data breaches. The fact that datasets of this size continue to emerge, often unnoticed for months, highlights the evolving nature of cybersecurity threats.

As digital services become more embedded in daily life, the potential fallout from data breaches expands. This incident serves as a stark reminder of the need for vigilant data hygiene, both for individual users and the organisations that serve them.

centralised breachcybersecurity reporttech industrylargest breachappledata breaches

Related News

Starlink
Business

Starlink gets final clearance to launch in India

Pakistan rejects claim of China’s role in border clash
Asia

Pakistan rejects claim of China’s role in border clash

Modi courts Latin nations to expand trade relations
Asia

Modi courts Latin nations to expand trade relations

More For You

LET Mining: The world's leading cloud mining platform, the best way to earn passive income

LET Mining: The world's leading cloud mining platform, the best way to earn passive income

Today, as the digital economy continues to evolve, passive income is no longer a wealth tool exclusive to the rich, but something that everyone can touch and participate in. With the integration of blockchain technology and green energy, LET Mining is providing global users with a new way of passive income: no operation, zero technical threshold, and daily income.

What is LET Mining?

LET Mining is an innovative cloud mining service platform that simplifies the complex cryptocurrency mining process into a few simple steps through cloud computing technology, allowing ordinary users to easily participate in digital currency mining and obtain stable passive income without purchasing expensive hardware equipment or mastering professional technical knowledge.

Keep ReadingShow less
JLR Tata

A logo is pictured outside a Jaguar Land Rover new car show room in Tonbridge, south east England.

JLR Q1 sales dip as US tariffs hit exports

Jaguar Land Rover (JLR) reported a 10.7 per cent drop in sales for the April–June quarter, as a temporary pause in shipments to the United States and the phase-out of Jaguar’s legacy models weighed on volumes.

The company, owned by India’s Tata Motors, sold 87,286 units to dealers worldwide during the quarter, compared to 97,755 units in the same period last year.

Keep ReadingShow less
Bangladesh seeks US deal to shield garment industry from tariffs

Workers are engaged at their sewing stations in a garment factory in Savar, on the outskirts of Dhaka, on April 9, 2025. (Photo by MUNIR UZ ZAMAN/AFP via Getty Images)

Bangladesh seeks US deal to shield garment industry from tariffs

BANGLADESH, the world's second-biggest garment manufacturer, aims to strike a trade deal with the US before Donald Trump's punishing tariffs kick in next week, said the country's top commerce official.

Dhaka is proposing to buy Boeing planes and boost imports of US wheat, cotton and oil in a bid to reduce the trade deficit, which Trump used as the reason for imposing painful levies in his "Liberation Day" announcement.

Keep ReadingShow less
UK business district
The Canary Wharf business district including global financial institutions in London.
Getty Images

Bond yields ease following Starmer’s support for Reeves

THE COST of UK government borrowing fell on Thursday, partially reversing the rise seen after Chancellor Rachel Reeves became emotional during Prime Minister’s Questions.

The yield on 10-year government bonds dropped to 4.55 per cent, down from 4.61 per cent the previous day. The pound also recovered slightly to $1.3668 (around £1.00), though it did not regain all its earlier losses.

Keep ReadingShow less
modi-trump-getty
Modi shakes hands with Trump before a meeting at Hyderabad House in New Delhi on February 25, 2020. (Photo: Getty Images)
Getty Images

Indian exporters watch closely as Trump says trade deal with India likely

THE US could reach a trade deal with India that would help American companies compete more easily in the Indian market and reduce tariff rates, President Donald Trump said on Tuesday. However, he cast doubt on a similar deal with Japan.

Speaking to reporters on Air Force One, Trump said he believed India was ready to lower trade barriers, potentially paving the way for an agreement that would avoid the 26 per cent tariff rate he had announced on April 2 and paused until July 9.

Keep ReadingShow less
© Copyright 2025 Garavi Gujarat Publications Ltd & Asian Media Group USA Inc