Unprecedented Data Leak Exposes 16 Billion Login Credentials in Massive Cybersecurity Event

A staggering data leak has revealed one of the largest breaches of personal information in digital history—an estimated 16 billion login credentials exposed across 30 unsecured datasets. The credentials, likely harvested through infostealer malware, represent a new level of scale and organization in cybercrime infrastructure.

This breach, uncovered by cybersecurity researchers and first reported by Cybernews, consists of datasets ranging from 16 million to over 3.5 billion records each. While some overlap between the datasets is possible, researchers emphasize that the majority of the data is recent and not simply recycled from older leaks. The records appear to have been collected from compromised access points across social media platforms, enterprise services, cloud tools, developer portals, and even government login pages.

What makes this discovery especially alarming is the structural consistency of the leaked data. Each record typically includes a URL, a username or email, and a password—formatting consistent with logs generated by infostealer malware. These forms of malicious software extract login data from infected devices, often bundling it with session tokens, cookies, and other metadata that can bypass multi-factor authentication systems.
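For defenders who obtain such a dataset through a threat-intelligence feed, the record structure described above makes exposure triage straightforward. The following is an added example, not code from the researchers or from Cybernews; the colon-separated `URL:login:password` layout, the sample lines, the watched domain, and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed sample lines. The "URL:login:password" layout is an assumption.
SAMPLE_LINES = [
    "https://login.example.com/auth:alice@example.com:Summer2024!",
    "https://portal.example.org:8443/signin:bob:pa:ss:word",
    "https://shop.example.net/account:carol@example.com:hunter2",
    "not a credential record",
    "https://mail.example.net/login:dave@example.com:",
]

def parse_record(line):
    """Return (url, login, password), or None if the line does not fit the layout."""
    line = line.strip()
    scheme_end = line.find("://")
    if scheme_end <= 0:
        return None
    # Look for the field separator only after the path starts, so the colon
    # in "host:port" is not mistaken for it. URLs without a path stay ambiguous.
    path_start = line.find("/", scheme_end + 3)
    sep = line.find(":", path_start if path_start != -1 else scheme_end + 3)
    if sep == -1:
        return None
    # The password is everything after the login, so its own colons survive.
    login, _, password = line[sep + 1:].partition(":")
    if not login or not password:
        return None
    return line[:sep], login, password

def exposed_accounts(lines, watched_domains, key):
    """List records that touch a watched domain, without keeping the plaintext password."""
    hits = []
    for line in lines:
        record = parse_record(line)
        if record is None:
            continue
        url, login, password = record
        host = (urlsplit(url).hostname or "").lower()
        mail_domain = login.rpartition("@")[2].lower() if "@" in login else ""
        if any(d == w or d.endswith("." + w)
               for d in (host, mail_domain) if d for w in watched_domains):
            # Keyed fingerprint: lets responders spot reuse across records.
            fp = hmac.new(key, password.encode(), hashlib.sha256).hexdigest()[:16]
            hits.append({"host": host, "login": login, "pw_fp": fp})
    return hits

if __name__ == "__main__":
    for hit in exposed_accounts(SAMPLE_LINES, {"example.com"}, b"local-report-key"):
        print(hit)
```

The resulting list feeds forced password resets and session revocation for the affected accounts; the keyed fingerprint stays useful for spotting reuse only as long as the key remains local to the responder.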

Researchers noted that while these datasets were accessible for only a limited time—often through misconfigured Elasticsearch servers or unsecured object storage—they were online long enough to pose a serious threat if accessed by bad actors. Once aggregated, these credentials can be weaponized for phishing campaigns, account takeovers, ransomware attacks, and business email compromise (BEC).

The breach spans nearly every major online platform imaginable, including login records pointing to Apple, Facebook, Google, GitHub, Telegram, and more. While no single service appears to have been directly breached, credentials stolen via infostealers grant access across ecosystems if reused passwords or compromised tokens are involved.

The sheer scale of the leak—amounting to more than two credentials per person on Earth—reflects a shift in cybercriminal behavior. Instead of trading data in fragmented forums or messaging groups, threat actors are compiling enormous, centralized collections for maximum exploitation potential.

As a precaution, users are advised to immediately change their passwords, enable two-factor authentication, and monitor accounts closely for suspicious activity. This breach is not just a wake-up call—it’s a warning that the underground data economy is growing more dangerous by the day.