16 billion passwords leaked in major data breach

Cyber‑defenders are warning of an unprecedented threat after some 16 billion sets of usernames and passwords were published online, according to a new report.

The discovery comes from cybersecurity company “Cybernews”, which says the cache combines both historic and freshly stolen data—making it immediately useful for would‑be hackers.

Experts believe the trove was harvested by ‘Infostealer’ malware, malicious programs that silently pull passwords, email addresses and other login details from infected computers and mobile devices. These tools target not only web browsers but a wide range of apps and operating systems.

The leaked credentials cover major online platforms—including Apple, Google, Facebook, GitHub and Telegram—and even accounts tied to government agencies.

Researchers stress that this is no routine breach: it is a carefully compiled dataset that could enable large‑scale attacks at any moment. As one analyst noted, the haul acts as a “roadmap” for cyber‑criminals plotting phishing scams, identity theft and account takeovers.

Security specialists urge users to act immediately by:

• Changing passwords on all important accounts
• Creating unique, strong passwords for every service (ideally with a password manager)
• Enabling multi‑factor authentication or passkeys wherever possible
• Running antivirus scans to detect hidden malware
• Treating unsolicited emails, texts and links with extreme caution

Taking these steps, experts say, is the best way to protect personal data until the full impact of the leak becomes clear.