A historic data breach has exposed 16 billion passwords and login credentials from platforms including Google, Apple, Facebook, GitHub, Telegram, and even government portals, marking what experts are calling the largest credential leak in internet history.
Uncovered by researchers at Cybernews, the leaked trove includes more than 30 previously unreported datasets. Some contain upwards of 3.5 billion records each, suggesting this isn’t just old breach data resurfacing, it’s fresh, potent, and immediately exploitable.
🚨 16 BILLION CREDENTIALS LEAKED — LARGEST DATA BREACH IN HISTORY!
⭕ Cybernews researchers located 30 unsecured datasets holding ~16 billion login credentials from infostealer malware, each with tens of millions to 3.5 billion entries.
⭕ Affected services include Apple,… pic.twitter.com/7ARNdPa330
— Numbers.lk (@numberslka) June 19, 2025
“These aren’t just old breaches being recycled,” said researchers leading the Cybernews investigation. “This is fresh, weaponizable intelligence at scale.”
Much of the data follows a pattern of URLs paired with login information and passwords. That format allows cybercriminals to test credentials automatically across various services—a common tactic in what’s known as credential stuffing attacks.
The leak, dubbed the “GOAT” (Greatest of All Time) of password dumps, is believed to be the work of multiple infostealers—malware tools that siphon sensitive data from infected devices. According to Darren Guccione, CEO of Keeper Security, incidents like this often stem from misconfigured cloud environments where exposed credentials go unnoticed until they are found, either by a white-hat researcher or someone with more malicious intent.
Guccione called the breach “a chilling reminder of how easy it is for sensitive data to be unintentionally exposed online.”
This breach is part of a growing pattern. According to the Identity Theft Resource Center, data compromises in the U.S. alone reached a record high in 2023, with over 3,200 publicly reported breaches. Globally, tens of millions of credentials are leaked monthly, often in massive drops like this one. The sheer volume and frequency of these exposures reveal the ongoing strain on digital security systems, from individual users to multinational tech companies.
If you haven’t already, now’s the time to retire that same old password you’ve been reusing for years.
ADVERTISEMENT
