19.06.2025 15:59

Cybersecurity researchers, in collaboration with Cybernews, have unearthed the largest data breach in history, exposing a staggering 16 billion passwords. Unlike previous incidents involving recycled or publicly available data, these credentials are entirely new and previously undocumented, posing an exceptionally high risk.

Vilius Petkauskas and his team meticulously analyzed the leaked data over several months, identifying 30 distinct datasets, each containing tens of millions to a massive 3.5 billion records. These datasets represent a treasure trove of real user login information, including email addresses, usernames, and passwords, readily available for malicious exploitation. The sheer scale surpasses all previously documented data breaches, solidifying its position as the largest confirmed leak of stolen access data.

The vast majority of this leaked information is completely novel, with only one previously known 184 million-password database identified among the trove. Remarkably, the data is impeccably organized, presenting clean rows with platform URLs followed by corresponding usernames and passwords. This meticulously structured format is a significant advantage for hackers, allowing for seamless integration into automated attack tools without modification, creating an exceptionally efficient mechanism for mass exploitation.


This discovery is far more than just another data breach; it represents the foundation upon which widespread account takeovers are built. The compromised credentials provide access to major platforms including Apple, Google, Facebook, GitHub, Telegram, and even various government portals. The threat is not merely the sheer volume of data; it's the high quality and current status of these credentials. Many of the exposed accounts remain active, highlighting the immediate and significant danger presented.

Petkauskas and his team warn of impending large-scale phishing campaigns, credential stuffing attacks, and direct account hijackings across all major technology platforms. The consistent formatting and the absence of previous exposure strongly suggest that this data wasn't passively collected. Instead, the researchers believe active methods, most likely utilizing infostealer malware, were employed to scrape or exfiltrate the credentials and consolidate them into the discovered datasets. This active approach emphasizes the sophistication and organized nature of this unprecedented data breach.