16 Billion Passwords Leaked From Apple, Google, Facebook and More — What You Need to Know

Update, June 19, 2025 – This story has been updated with comments from Keeper Security’s co-founders about the breach and what users should do now.

If 184 million stolen passwords sounded bad last month, brace yourself — the number has now exploded to a staggering 16 billion leaked login credentials. This may be the largest password breach in history, and experts are calling it a “blueprint for mass exploitation.”

Here’s what happened, why it matters, and what you need to do immediately.

What Was Leaked — and How Bad Is It?

Researchers at Cybernews have been tracking this breach since early this year. According to lead investigator Vilius Petkauskas, the data dump includes 30 massive datasets, each containing tens of millions to billions of stolen credentials.

In total:
16 billion login records
Fresh data — not previously reported
Credentials linked to Apple, Google, Facebook, GitHub, Telegram, VPNs, government services, and more

This isn’t recycled data from old breaches. It’s new, high-value information — and it’s dangerous.

“This is not just a leak – it’s a blueprint for mass exploitation,” Cybernews warned.
“These are fresh, weaponizable credentials that open the door to pretty much any online service imaginable.”

Each record typically includes a URL, username/email, and password — the exact combo needed for account takeovers, phishing attacks, and identity theft.

Why It Matters for You (Yes, You)

Let’s be clear: if your credentials are in this leak, your online identity — from social media to banking — is now exposed.

This leak shows how vulnerable even the biggest platforms can be. And it’s a reminder that stolen passwords are a booming black market on the dark web. A few dollars can buy access to your digital life.

“Password compromise leads to account compromise, and that leads to the compromise of nearly everything we care about in today’s digital world,” said Keeper Security CEO Darren Guccione.

How This Keeps Happening

Some of the data was likely harvested using infostealer malware, while other records may have been unintentionally exposed in misconfigured cloud environments — a growing issue in enterprise security.

“This is a harsh reminder of how easy it is for sensitive data to be left exposed online,” Guccione said.
“If we’re lucky, a security researcher finds it and reports it. If not? A cybercriminal does.”

What You Should Do Right Now

1. Change your passwords immediately — especially for important accounts (email, banking, cloud storage).
2. Use a password manager — to generate and store strong, unique passwords.
3. Enable multi-factor authentication (MFA) — this adds a critical layer of protection.
4. Consider passkeys — they’re more secure than traditional passwords and are being rolled out by Google, Apple, and others.
5. Sign up for dark web monitoring — services can alert you if your data appears in leaked databases.

Organizations should also act fast. Guccione recommends adopting zero-trust security frameworks with strong access controls. “Access to sensitive systems must always be authenticated, authorized, and logged — no matter where the data lives,” he said.

Cybersecurity Is Everyone’s Responsibility

While companies must do more to protect user data, individuals also play a key role. That means avoiding reused passwords, staying alert to phishing scams, and not clicking sketchy links.

“Cybersecurity isn’t just a technical challenge — it’s a shared responsibility,” said Javvad Malik of KnowBe4.
“Use strong, unique passwords, and enable MFA wherever possible.”

Bottom Line

The 16 billion password leak is the latest — and largest — wake-up call. Don’t wait for your credentials to show up on a hacking forum. Take action now.

Change your passwords. Use a password manager. Switch to passkeys. Stay safe.