Massive Data Breach Affects 16 Billion Credentials

Sophia Reyes · June 19, 2025 3:32 PM

A massive new data breach has come to light, revealing a staggering 16 billion fresh login credentials. Unlike many large-scale breaches that recycle previously leaked data, this one is mostly composed of entirely new, unreported databases.

Cybernews—the team known for identifying and cataloging major leaks—compiled this enormous collection. Only one subset, containing 184 million records, had been publicly reported before, as noted by Wired. The rest are new and sourced globally, including three massive batches with over a billion credentials each.

According to Vilius Petkauskas at Cybernews, whose researchers have been investigating the leakage since the start of the year, “30 exposed datasets containing from tens of millions to over 3.5 billion records each,” have been discovered. In total, Petkauskas has confirmed, the number of compromised records has now hit 16 billion.

The breach comprises multiple unrelated datasets discovered by security researchers since January. The largest batch, from Portuguese-speaking regions, contains 3.5 billion credentials. Other significant collections include logins linked to Russian accounts, Telegram users, and several generic datasets.

Unfortunately, the original owners of most of these data sets remain unknown. This makes it impossible to take targeted action to remove your data from these collections or to understand what cyberattacks may have been planned using this information.

As with all major breaches, this colossal leak is a clear warning to maintain good online hygiene: use strong, unique passwords and update them regularly. While this breach hasn’t yet gained the same attention as other high-profile leaks like RockYou2024 or the 26-billion MOAB breach, it still poses a significant threat.

Currently, popular tools and browsers that alert users to compromised accounts—such as Firefox, Chrome, and Cybernews’ leak checker—haven’t yet been updated with this data.

Large troves of stolen credentials like these are frequently exploited in phishing campaigns and other widespread attacks. So beyond updating your passwords, stay vigilant against phishing and scams, especially following news of cybersecurity incidents like this.

Disclaimer

The information provided in this article is for informational purposes only and does not constitute financial, investment, or trading advice. All stock data and market trends discussed are current as of the time of publication and are subject to change. Always conduct your own research or consult a licensed financial advisor before making any investment decisions. The author and publisher are not responsible for any losses incurred based on the information presented.