Massive Password Database Exposes 16 Billion User Credentials

by Hannah / Jun 20, 2025 12:17 PM EDT

Security researchers have discovered 30 databases containing over 16 billion stolen login credentials, though experts debate whether this represents fresh data or recycled old breaches.

Cybernews researchers, working with security expert Bob Diachenko, found the exposed databases containing login credentials for major platforms including Apple, Google, Facebook, and Telegram. The databases were briefly accessible online before being secured.

"There was no centralized data breach at any of these companies," Diachenko clarified. Instead, "credentials we've seen in infostealer logs contained login URLs to Apple, Facebook, and Google login pages" - meaning the data came from malware on users' devices, not company breaches.

The 30 datasets varied dramatically in size:

Largest: 3.5 billion records (linked to Portuguese-speaking users)
Telegram-related: 60 million records
Russian Federation-related: 455 million records
Total: 16 billion credentials across all databases

Security publication BleepingComputer argues this isn't a new breach at all, stating the data "was likely circulating for some time, if not for years" and was "collected by a cybersecurity firm, researchers, or threat actors and repackaged into a database".

However, Cybernews maintains "the data is recent, not merely recycled from old breaches" and represents fresh intelligence gathered by infostealer malware.

Infostealer malware infects devices through phishing emails, malicious downloads, or compromised websites. Once installed, it silently harvests:

Saved passwords from browsers
Session cookies and tokens
Autofill data
Cryptocurrency wallet information

Cybernews researcher Aras Nazarovas noted that cybercriminals are "actively shifting from previously popular alternatives such as Telegram groups" to centralized databases for storing stolen credentials.

What You Should Do

Immediate steps:

Change passwords for important accounts (email, banking, social media)
Enable two-factor authentication everywhere possible
Scan your device for malware before changing passwords
Monitor accounts for suspicious activity

Important note: Some exposed datasets included "cookies and session tokens, which makes mitigation more difficult" since "these cookies can often be used to bypass 2FA methods".

This discovery highlights how credential theft has become industrialized. Recent reports show infostealer malware infected 4.3 million devices in 2024, with 330 million credentials stolen. The stolen data gets sold on dark web markets, making sophisticated cyberattacks accessible to less skilled criminals.

Whether this 16 billion credential collection is truly new or just old data repackaged, its massive scale demonstrates why traditional passwords are failing as a security measure. Companies are increasingly pushing passwordless authentication, but the transition will take years.

Bottom line: Assume your credentials are compromised and take action to secure your accounts now.