Massive Data Leak Exposes 16 Billion Passwords From Email, Social Media, Developer Portals: Report

A massive data breach has exposed over 16 billion passwords online, marking it as one of the largest security leaks in internet history, reports India Today.

This leak poses a significant risk to millions of users' personal data, potentially leading to widespread phishing scams, identity theft, and account hacking globally, according to reports by Cybernews and Forbes.

Security researchers emphasise that this is not merely an old data dump.

Most of the leaked credentials are allegedly new, well-organised, and collected through infostealers—malware programs that silently steal usernames and passwords from devices and send them to hackers.

Hackers then use or sell these credentials on dark web forums.

The leaked data includes login information for a wide array of services, including email, social media platforms like Google, Facebook, and Telegram, developer accounts on GitHub, and even some government portals.

The information appears in a structured format: website link, username, and password, making it easy for attackers to use.

Around 30 large datasets, each containing millions to billions of login details, is said to have been collected, amounting to over 16 billion stolen credentials.

This situation worsens because of the stolen data's easy accessibility.

Reports indicate that even individuals with limited technical knowledge and minimal funds can acquire these passwords on the dark web, making almost everyone vulnerable.

Google has advised users to switch from traditional passwords to more secure options like passkeys.

The FBI has also warned the public to avoid clicking on links sent via SMS or emails, especially if they seek login details.

Cybersecurity experts have urged immediate action, suggesting user to change passwords across all major accounts, employ strong and unique passwords, enable two-factor authentication, and use password manager apps.