One of the largest data breaches in history has leaked around 16 billion passwords across some of the biggest tech platforms in the world, according to researchers at Cybernews.
The data watchdog found more than 30 datasets, each containing billions of logins to social media, VPNs, and user accounts for Big Tech companies such as Apple and Google, had been left exposed by infostealers.
Newsweek contacted Google and Apple for more information on affected services via email.
Why It Matters
This breach may be one of the largest exposures of passwords in history, with millions of people potentially affected. Criminals that are able to gain access to passwords put up for sale on the dark web are able to use them for identify theft, fraud, and even blackmail.
The most common password length is eight to 10 characters, and a significant portion contains only lowercase letters and digits, making passwords vulnerable to brute-force attacks. Compared to just 1 percent in 2022, 19 percent of passwords now mix uppercase, lowercase, numbers, and symbols.
What To Know
Cybernews researchers have been monitoring the exposed datasets since the beginning of 2025.
One of them, Vilius Petkauskas, told Forbes that the team has discovered “30 exposed datasets containing from tens of millions to over 3.5 billion records each.”
Getty Images
“This is not just a leak—it’s a blueprint for mass exploitation. These aren’t just old breaches being recycled. This is fresh, weaponizable intelligence at scale.”
Most concerningly, in their June 19 report, the researchers warned that the scope of the breach affected passwords to accounts with major text brands, with one member of the team saying the data sets could give criminals access to “pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services.”
Newsweek has asked Facebook, GitHub and Telegram for comment via email.
It has not yet been confirmed which entities originally owned most of the datasets in the breach, making it difficult to identify whose passwords have been affected.
The largest batch from the breach was confirmed to consist of Portuguese-speaking populations, though Cybernews said that other sets contained passwords from all over the world.
How to Protect Your Passwords
One of the best ways to boost password security is by using password managers, enforcing minimum length and complexity standards, and enabling multi-factor authentication.
Organizations can take this one step further than individuals by auditing access controls and monitoring for credential leaks.
Above all else, the easiest way to protect personal information is to change any old passwords to something stronger.
However, Google also recommends that users upgrade their Gmail account’s security by moving on from older sign-in methods like passwords and two-factor authentication.
“It’s important to use tools that automatically secure your account and protect you from scams,” the California-based company said.
Google also suggests using the Passkeys login system, which replaces passwords with biometric authentication via a trusted device like a smartphone. Biometrics include physical certification, like fingerprint recognition, facial scan, or a pattern lock.
What People Are Saying
Steve Weisman, a cybersecurity expert and writer of the Scamicide newsletter, told Newsweek: “The best way to protect yourself is to follow my rule, ‘trust me, you can’t trust anyone.’ Whenever you receive a phone call, text message or email requesting personal information, you can never be sure who is actually contacting you.”
Neringa Macijauskaitė, information security researcher at Cybernews said in a previous report: “We’re facing a widespread epidemic of weak password reuse. If you reuse passwords across multiple platforms, a breach in one system can compromise the security of other accounts.”
What Happens Next
Cybernews is continuing to investigate the nature of the leak, and advises readers to update their password information.
About the Author
