Security researchers have uncovered what appears to be one of the largest collections of stolen login credentials in history, exposing more than 16 billion usernames and passwords from major technology platforms including Apple, Google, and Facebook. The discovery, reported today by Cybernews, represents fresh data collected through malware rather than recycled information from previous breaches.
The breach provides cybercriminals with what researchers call "unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing".
The Cybernews research team identified 30 separate datasets containing between tens of millions and 3.5 billion records each, discovered since monitoring began in January [1][2]. Unlike previous major breaches that often recycle old information, only one dataset—containing 184 million records reported by Wired magazine in May—had been publicly disclosed before [1][3].
"This is not just a leak – it's a blueprint for mass exploitation," researchers told Cybernews [1]. The credentials provide access to platforms ranging from social media and corporate systems to VPN services and government portals [4][2].
The data appears structured for automated attacks, with uniform formatting showing platform URLs followed by usernames and passwords [4]. Researchers linked the breach to infostealer malware, which silently harvests credentials from infected devices along with session tokens, cookies, and metadata [1][5].
The discovery surpasses recent major breaches in scope and recency. Last year's RockYou2024 compilation exposed 9.9 billion passwords, though that collection primarily contained previously leaked data [1][2]. Earlier this year, researchers identified the "Mother of All Breaches" containing 26 billion records, but that dataset was largely composed of older, recycled information [3].
The fresh nature of the current breach poses particular risks for cryptocurrency users, as attackers could exploit cloud-stored recovery phrases or target custodial wallet services [4][5]. Tom's Guide reports that the structured data could enable "credential stuffing" attacks, where automated tools test stolen login combinations across multiple websites [6].
Companies affected have not yet issued official statements [4]. Snapchat previously stated it found no evidence of direct system breaches when the smaller May dataset emerged, supporting theories that the data was harvested from individual users rather than corporate servers [7].
"What's especially concerning is the structure and recency of these datasets – these aren't just old breaches being recycled. This is fresh, weaponizable intelligence at scale," the Cybernews team said [6].