This article was curated by It’s That Part, where we highlight the truth in every fact—curated for deeper insight and critical reflection.
A massive data breach has exposed more than 16 billion passwords across multiple platforms, making it one of the most significant breaches in history.
Researchers at Cybernews confirmed the breach and published their findings on Wednesday, identifying 30 datasets, each containing billions of passwords for social media, VPNs, and user information related to other online services, including Apple and Google.
“This is not just a leak it’s a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing,” researchers said.
“What’s especially concerning is the structure and recency of these datasets these aren’t just old breaches being recycled. This is fresh, weaponizable intelligence at scale,” they added.
The data breach was the largest cyber theft incident in history
Since early this year, the data watchdog has monitored the web. Its latest report reveals the largest-ever theft of sensitive data by infostealers, surpassing all previous cyber incidents.
Cybercriminals who initially obtain user passwords for sale on the dark web can exploit them to carry out identity theft, fraud and smishing.
The login information was only exposed briefly, prompting researchers to retrieve it quickly. However, they don’t know who was controlling most of the data, which was “temporarily accessible through unsecured Elasticsearch or object storage instances,” according to Cybernews.
Were passwords for Facebook, Apple and Google leaked?
Bob Diachenko, a Cybernews contributor, cybersecurity researcher, and owner of Security Discovery, shared details on whether the leaked datasets contained information from large tech companies.
“There was no centralized breach at any of these companies,” Diachenko said, adding that user information on those platforms still could have been exposed elsewhere.
“Credentials we’ve seen in infostealer logs contained login URLs to Apple, Facebook, and Google login pages,” Diachenko said.
How can consumers protect themselves?
Anyone would find it alarming to discover their personal information circulating online. Newsweek reported that the best way for consumers to protect themselves is to enhance security by using stronger, complex passwords and multi-factor authentication.
Google has also recommended that users upgrade their Gmail accounts by using more efficient methods with biometric authentication, such as a passkey system with physical certification, like fingerprint recognition, facial scans, or a pattern lock.
“It’s important to use tools that automatically secure your account and protect you from scams,” the tech company told Newsweek.
Recent cyber threat via text messages
In March, Blavity reported that the FBI warned iPhone and Android users to delete smishing text messages from threat actors claiming to be toll services and other government entities.
They send these phony messages to people, attempting to steal their information if the person clicks on the link asking them to pay alleged outstanding balances.
“The texts claim the recipient owes money for unpaid tolls and contain almost identical language,” theFBI stated. “The ‘outstanding toll amount’ is similar among the complaints reported to the [Internet Crime Complaint Center]. However, the link provided within the text is created to impersonate the state’s toll service name, and phone numbers appear to change between states.”
