16 billion login records exposed online briefly

A staggering 16 billion compromised credentials linked to major platforms were discovered online. Cybersecurity experts urge immediate password updates.

Researchers say it's time to change your password again

  • Cybernews reports a massive trove of credentials, 16 billion entries, sourced from malware and leaks
  • No single company breach, but login data linked to Apple, Google, and Facebook included

  • Experts urge public to change passwords, enable 2FA, and adopt stronger digital hygiene

In a startling revelation, researchers at Cybernews have uncovered a staggering 16 billion login records circulating in a brief but alarming exposure online. The credentials — harvested largely from malware called "infostealers" and past data leaks — were found across 30 separate datasets, according to cybersecurity researcher Bob Diachenko.

The leaked records were reportedly hosted on insecure remote servers and became temporarily available before disappearing again. “It will take some time of course because it is an enormous amount of data,” said Diachenko, who downloaded the files and plans to notify affected parties.

Where did it come from?

Despite the scale of the exposure, Cybernews clarified that there was no centralized breach at major platforms such as Facebook, Google, or Apple. Instead, most of the compromised credentials appear to come from previously known breaches and infostealing malware. According to Diachenko, about 85% of the data stems from infostealers—malicious software that collects login details, cookies, and other browser metadata.

The rest reportedly derives from historic breaches, such as those involving LinkedIn. While researchers are still analyzing the files, some cybersecurity experts warn the dataset may include many repeated or already-circulating credentials, making verification difficult.

Why it matters

While the data may not be "new" to threat actors, the scale and structure of the leak — with clear login URLs, usernames, and passwords — underscore the continuing vulnerability of online users. Experts are advising immediate action:

  • Update passwords, especially on frequently used sites.

  • Use password managers to avoid credential reuse.

  • Enable multifactor authentication (MFA) wherever possible.

  • Consider passkeys, a more secure alternative to passwords that is backed by Google and Meta.


Toby Lewis, head of threat analysis at cybersecurity firm Darktrace, cautioned that although this exposure isn't a novel threat, infostealer malware remains an active danger. “They don’t access accounts directly but scrape session cookies and saved data,” he said.

Tools and takeaways

Individuals worried about exposure can use platforms like haveibeenpwned.com to check if their email credentials have appeared in a known breach.

Peter Mackenzie from cybersecurity firm Sophos summed up the situation: “There is no new threat here—but a massive reminder. The sheer volume of available data highlights the importance of staying vigilant.”

Alan Woodward, a professor of cybersecurity, added that it’s time for everyone to do a little “password spring cleaning”, calling the exposure a wake-up call to embrace zero trust principles in digital security.

