Yep. You Read That Right—16 Billion Records Exposed

Published: Jul 28, 2025 on our newsletter Security Fraud News & Alerts Newsletter.

You've probably seen it in the news. The cybersecurity outlet Cybernews revealed a colossal compilation of 16 billion login credentials leaked online, making it one of the largest data exposures in history. This massive treasure trove, distributed across 30 separate datasets, includes usernames, passwords, session tokens, and metadata such as URLs—likely harvested via infostealer malware from infected machines.

What accounts were affected?

The leak isn’t tied to a single platform breach, but spans a wide array of services—including Apple IDs, Google accounts (Gmail/YouTube), Facebook, Instagram, Telegram, GitHub, and even government credentials. However, duplicates likely inflate that 16 billion figure, as there’s no way to know exactly how many unique accounts were compromised.

An infostealer is a type of malware that secretly sneaks onto your device and steals your personal information—like your logins, passwords, credit card numbers, and browser data, to name a few.

Think of it like a digital pickpocket: once it’s on your device, it quietly watches what you type and/or collects saved info. It then sends that data to hackers who can use it to steal your identity, break into your accounts, or sell your info online.

Infostealers often get in through fake emails or websites, via downloaded sketchy files or apps, or by clicking pop-ups or ads that hide malware. Infostealer toolkits deployed on malware-ridden devices secretly siphon information, enabling attackers to take over accounts—even bypassing multi-factor protections in some cases.

What you should do now.

• Change passwords on all critical services—prioritize email, banking, and social media.

• Use unique, strong passwords across platforms—never reuse them.

• Enable multi-factor authentication (MFA) everywhere. Most apps and websites offer this now.

• Regularly monitor accounts for suspicious activity.

• Ensure that antivirus/anti-malware is installed and kept updated. Perform regular scans to detect infostealer infections.

This massive discovery highlights the critical importance of cyber hygiene in the digital age. Whether you're a casual user or a business executive, these leaked credentials may already be circulating on the dark web. Prompt and proactive protection is essential—don’t wait for the next breach to strike.

Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at advisor@nadicent.com