In a cyber disaster unfolding in mid-June 2025, cybersecurity researchers uncovered a colossal leak of over 16 billion login credentials, spanning 30 distinct databases.

The haul includes freshly stolen usernames and passwords tied to major platforms—Apple, Google, Facebook, GitHub, Telegram—and even government services.

This isn’t old data resurfacing: investigators confirm it’s recent and highly “weaponizable.”

The leak originated not from direct corporate hacks but from infostealer malware, which silently harvested credentials from infected devices and uploaded them to unsecured storage.

The FBI and security experts warn that the scale of the breach makes it a “blueprint for mass exploitation,” empowering phishing, account takeovers, and identity theft.

Who’s affected?

Potentially billions worldwide—anyone with online accounts linked to the above-mentioned services. Overlapping account reuse means a single breach can unlock multiple services.

What you can do now:

1. Change all passwords—don’t reuse them.

2. Enable strong two-factor authentication (avoid SMS-only).

3. Use password managers and check if your data was leaked.

4. Shift to passkeys or biometric logins where possible.

5. Stay alert to phishing—don’t click on suspicious links.

This may be the largest credential breach ever. Take steps today to secure your digital life.