A historic 16 billion password leak, the largest credential exposure ever recorded, compromised billions of accounts on Apple, Google, Facebook, GitHub, Telegram, and government services, triggering a global cyber security emergency.
Originating from “infostealer malware” that harvested credentials from infected devices, 29 of 30 leaked datasets contain new, weaponizable credentials for phishing attacks and account takeovers.
Experts urge immediate password changes for reused logins, mandatory multi-factor authentication (MFA) via authenticator apps, malware scans, and adoption of password managers. Google and the FBI emphasize switching to passkeys as critical protection, warning that this unprecedented data breach highlights critical cloud security flaws and demands dark web monitoring.
