The story of the largest leak: 16 billion passwords from Apple, Facebook and Google

Cybersecurity researchers from Cybernews have uncovered an unprecedented data compilation of approximately 16 billion compromised logins and passwords, including credentials to major platforms like Apple, Facebook, and Google. The breach spans 30 datasets, each holding from tens of millions to up to 3.5 billion records—likely aggregated over time through various malware (“infostealers”) rather than a single hack.

The login data, often formatted as URL + username + password, is circulating on the dark web and black‑market forums, triggering alerts from authorities like the FBI and tech companies themselves . Cyber experts warn of risks ranging from identity theft and account takeovers to phishing campaigns and financial fraud.

What you should do now:

• Immediately update all important passwords.

• Never reuse passwords—use unique ones for each account.

• Activate multi‑factor authentication (2FA) or passkeys for crucial services.

• Employ password managers and strong password generators.

• Avoid suspicious links—especially in SMS and emails.