As many as 16 billion unique usernames and passwords have been exposed, likely due to malware infections. The leaked credentials come from over 30 different datasets, impacting services such as social media, banking, and government websites. Users are advised to check for breaches using tools like Have I Been Pwned (HIBP) or Google Password Checkup, and immediately update any affected passwords while enabling two-factor authentication (2FA) for added security.
Researchers have just confirmed a massive data breach, and it’s possible that your login information was included. Cybersecurity researchers have recently reported what they call the largest password leak ever recorded. A cache of up to 16 billion login credentials, including usernames and passwords for countless online services, has been compromised. What’s more frightening is that the majority of these passwords are unique combinations that were most likely compromised by malware.
“This is not just a leak—it’s a blueprint for mass exploitation,” warned Vilius Petkauskas of Cybernews, whose team has been looking into the breach since early 2025.
As per the reports, the leaked credentials are spread across 30 datasets, some containing more than 3.5 billion records each. Everything from social media accounts to VPN services, developer platforms, government portals, and more could be potentially exposed.
The leaks of data make it dangerously accessible for criminals to use as passwords are the gateway to almost everything in our digital lives, email, banking, healthcare, and even our private messages. With 16 billion credentials leaked in the cybercriminal underground, the risks of identity theft, account hacking, and financial fraud are skyrocketing.
This is also one of the reasons tech giants like Google, Microsoft and Meta are now pushing users to switch to passkeys. If you are worried about your data, here’s how you can check if they have been leaked or not and what to do next if you find your login credentials compromised.
How to check if your data has been leaked?
You can use these free tools to see if your data has been compromised or not.
- Have I Been Pwned (HIBP): This is one of the best websites to check for data breaches. Users can simply enter their email addresses or passwords to check for breaches. It maintains a database of compromised credentials.
- Google Password Checkup: Integrated into Google Chrome and your Google account, this feature scans for compromised passwords and recommends changes accordingly.
- F-Secure Identity Theft Checker: This platform assesses risk by checking for leaks and identity theft signs.
- Mozilla Monitor: Built into Mozilla Firefox, it monitors your email address across known breaches and provides privacy protection tips.
- Microsoft Edge Password Monitor: This automatically flags users when saved passwords are detected in data breaches.
What to do next?
- If any of your accounts are affected, the first thing to do is change your passwords immediately and log out of all other devices.
- Use unique, strong passwords for each site, and enable two-factor authentication wherever possible. Saving login credentials within password manager can make this a lot easier to manage.
