A major data breach has shaken the internet after researchers working with Cybernews discovered over 16 billion leaked credentials. These credentials come from major platforms like Google, Apple, Meta (Facebook), and many others. This is the largest breach ever discovered.
A lot of details have been linked, including real usernames, passwords, cookies, and metadata, all neatly organized and ready for hackers to use. According to researcher Vilius Petkauskas, these details are clean and organized, most of them have never been seen before, meaning hackers could easily use them with hacking tools.
Researchers found 30 large files, each containing from millions to billions of records. One file has over 3.5 billion passwords. Only one of the 30 files had been shared before. The rest are all new files.
These records could unlock personal emails, social media, and even government systems, making the situation more dangerous. Those at the highest risk are cryptocurrency users. If hackers can access their emails, they can reset passwords and take over their cryptocurrency accounts.
Some wallets also store keys or recovery phrases in cloud services. If attackers find those, they can steal money immediately. This could even lead to more targeted hacks and scams.
Binance founder Changpeng Zhao (CZ) reacted to the news on X, posting: “That’s 2 passwords for every person on this planet. Use a different password for each website and hopefully a different email address as well. And use hardware 2FA devices!” His point was that people should update their credentials and add additional layers of protection.
The leaked credentials also include logins to tools like GitHub, Telegram, VPNs, and developer portals, which could lead to larger cyberattacks on companies.
Security expert Darren Guccione, CEO of Keeper Security, said this shows how poor cloud security still is. "This might just be the tip of the largest security iceberg," he warned.
Researchers stated that the data was likely stolen using infostealer malware rather than from public leaks. The breach affects individuals and companies worldwide. People are advised to change their passwords, avoid reusing them, and enable two-factor authentication.