Data breach exposes 16 billion passwords from Apple, Facebook, Google, and other companies

These datasets comprise billions of login credentials from social media, virtual private networks (VPNs), developer portals, and user accounts for all major vendors. Researchers found that most of the exposed information was structured in a format that consists of a URL, followed by login details and a password. These credentials are used for various online services, including those from Apple, Facebook, Google, GitHub, Telegram, and numerous government services. 

Leaks at this level can lead to various cyber threats such as phishing, account takeovers, ransomware attacks, and business email compromise (BEC) scams, with the FBI warning about suspicious links sent via SMS messages. 

Shared responsibility in cybersecurity

Experts in technology and security highlight the importance of investing in password management solutions and dark web monitoring tools. Basic cybersecurity practices, such as avoiding the reuse of passwords across multiple sites, should be followed. 

Protecting credentials is a shared responsibility: organisations must safeguard users, but individuals also need to remain vigilant against attempts to steal login information. 

More secure, passwordless authentication methods, such as passkey, are preferred. Tools like a password manager can help generate strong and unique passwords, store them securely, and notify users if they are involved in a breach. 

This data breach follows a similar one from May 2025, when researchers discovered an online database with over 184 million account credentials from Google, Microsoft, Facebook, Instagram, and other major platforms. 

This earlier report revealed that usernames, passwords, emails, and URLs for various social media apps and websites were stored in a file, alongside users’ credentials for bank and financial accounts, health platforms, and government portals.