A mix of old breaches and fresh malware logs led to the massive 16 billion password leak. Here is what you need to know and how to stay safe.
What really happened?
Researchers discovered more than 30 databases containing around 16 billion usernames and passwords. Most of these records came from:
- Malware that stole logins from infected devices.
- Older breaches, including ones from major platforms like LinkedIn.
The leak appeared on misconfigured servers but was quickly removed. However, copies are already circulating online.
Is this a new hack?
No, Apple, Google, and Meta were not freshly hacked. Instead:
- Many of the records are old and repeated.
- Some are new, stolen by malware this year.
- Attackers now have an easy-to-use collection of credentials for scams and account takeovers.
Why does this matter?
Even with duplicates, 16 billion leaked records give criminals plenty of opportunities. The data includes accounts for:
- Apple, Google, Facebook, GitHub, Telegram, VPN services, and even some government portals.
- Attackers can use this information for credential stuffing (trying stolen passwords on different sites), phishing, and identity theft.
How much of it is new?
Experts estimate:
- 85 percent came from malware logs.
- 15 percent came from old breaches.
- Millions of the credentials are likely still active.
What you should do now
Follow these steps to protect yourself:
1. Check if your email was leaked
Use Have I Been Pwned or similar services.
2. Change reused or weak passwords
Start with your most important accounts like email, banking, and work accounts.
3. Use a password manager
Tools like Bitwarden, 1Password, or KeePass help you create strong, unique passwords.
4. Turn on two-factor authentication (2FA) or passkeys
This adds an extra layer of protection.
5. Watch for suspicious activity
Check your accounts regularly for strange logins or alerts.
6. Be careful with links and downloads
Do not click unknown links or open suspicious files. Malware often spreads this way.
The bottom line
This is not a single new hack, but it combines billions of old and new credentials into one massive leak. Treat it seriously. Update your passwords, turn on security features, and act as if your accounts are already exposed. A few small changes today can help you avoid big problems later.
Focus and Related Keywords
- Focus keyword: 16 billion passwords leaked
- Related keywords: password leak 2025, data breach, stolen passwords, credential stuffing, change passwords after leak
References
CyberNews. (2025, June 20). Billions of credentials exposed in one of the largest info-stealer data leaks ever discovered. CyberNews. https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak
The Guardian. (2025, June 21). Internet users advised to change passwords after 16bn logins exposed. The Guardian. https://www.theguardian.com/technology/2025/jun/21/internet-users-advised-to-change-passwords-after-16bn-logins-exposed
Time. (2025, June 22). Billions of passwords have been leaked in massive breach, researchers say. Here’s what you should know. Time. https://time.com/7296254/passwords-leaked-data-breach
India Times. (2025, June 21). Apple, Google, and Facebook users at risk after 16 billion login credentials get compromised in data breach. India Times. https://indiatimes.com/trending/apple-google-and-facebook-users-at-risk-after-16-billion-login-credentials-get-compromised-in-data-breach-661600.html
Business Insider. (2025, June 23). How to protect your accounts after password leaks. Business Insider. https://www.businessinsider.com/how-to-protect-accounts-data-breach-password-leaks-2025-6
