Catenaa, Friday, June20, 2025-A previously unreported data breach has exposed more than 16 billion login credentials from popular platforms including Google, Facebook, Telegram, and GitHub, marking one of the largest collections of stolen personal data ever discovered.
Investigators from Cybernews traced the data to a combination of info-stealer malware logs, credential stuffing databases, and prior leaks, warning the breach provides a “blueprint for mass exploitation.”
The exposed information gives cybercriminals unprecedented access for account takeovers, identity theft, and phishing attacks.
The datasets, containing entries ranging from tens of millions to billions, were briefly accessible via unsecured cloud storage before being removed. The responsible parties remain unknown.
Experts say the breach mainly threatens users who do not employ strong cybersecurity measures such as multi-factor authentication (MFA) or passkeys, which offer robust protection by requiring additional identity verification or cryptographic keys instead of passwords.
Users relying on MFA apps like Google Authenticator are less likely to be compromised.
The breach highlights ongoing cybersecurity challenges as attackers increasingly use sophisticated malware and tactics to gather sensitive data. It also follows recent high-profile crypto-related cyberattacks, including a $90 million theft from Iran’s largest crypto exchange by a pro-Israel hacking group.
