Sun Jun 22 11:00:00 UTC 2025: ## Billions of Login Credentials Exposed: Experts Urge Password Updates and Stronger Security

**London, UK** – A massive collection of 16 billion login records has been discovered, potentially exposing users of major platforms like Facebook, Meta, Google, and Apple to cyberattacks. Researchers at Cybernews, a tech publication, uncovered the data within 30 datasets, compiled from “infostealer” malware and past data breaches. While the exact number of unique accounts affected remains unclear due to overlapping entries, the sheer scale of the exposed credentials is alarming.

The datasets, containing login URLs, usernames, and passwords, were briefly exposed on poorly secured remote servers before being taken down. Cybersecurity specialist Bob Diachenko downloaded the data and plans to notify affected individuals and companies.

Despite the potential danger, some experts are skeptical about the data’s novelty. One expert, speaking anonymously, suggested a significant portion might be repeated information already circulating online.

Google has stated the data doesn’t originate from a Google breach and recommends users leverage tools like Google’s password manager for enhanced security. Users can also check if their email has been compromised using the website haveibeenpwned.com.

Cybersecurity firms are urging internet users to take immediate action to protect their accounts. Recommendations include:

* **Regularly updating passwords:** Choose strong, unique passwords for each online account.
* **Employing multi-factor authentication (MFA):** Adding an extra layer of security, such as a code sent to your phone, makes it harder for attackers to access your account even with a compromised password.
* **Using password managers:** These tools generate and securely store complex passwords, making it easier to maintain strong security across all platforms.
* **Consider passkeys:** Password-free login methods like those championed by Google and Meta, offer a more secure and convenient alternative.

“This is an important reminder to everyone to take proactive steps,” said Peter Mackenzie, Director of Incident Response and Readiness at Sophos. Toby Lewis, Global Head of Threat Analysis at Darktrace, emphasizes that while infostealers are a real threat, practicing good security hygiene can significantly mitigate the risk.

Experts warn that this data can be used for “account takeover, identity theft, and highly targeted phishing” attacks. Alan Woodward, a professor of cybersecurity at Surrey University, suggests “password spring cleaning” as a crucial preventative measure. The incident underscores the growing need for “zero trust” security measures, assuming breaches are inevitable and requiring constant verification.

Read More