A staggering 16 billion login credentials have been exposed in what cybersecurity experts are calling the largest password leak in internet history.
The megabreach, linked to a series of stealthy malware operations known as infostealers, has sent shockwaves through the global tech community and prompted urgent calls for digital hygiene.
Cybernews , a leading investigative outlet, reports that the leak spans more than 30 newly discovered datasets, each containing tens of millions to over 3.5 billion records. While many assumed such data dumps to be recycled from old breaches, researchers have confirmed that nearly all of this information is newly compromised, save for one earlier-reported cache of 184 million credentials.
'This isn't just another dump, this is a goldmine for cybercriminals,' investigators warned. The data includes usernames and passwords connected to major services like Google, Facebook, Apple, Telegram, GitHub, and even government portals. In most cases, the stolen credentials were structured in clean, usable formats, making them easy for attackers to exploit in phishing campaigns or account takeovers.
According to experts, the source of this mega-leak appears to be multiple infostealer malware operations silently harvesting credentials from infected machines over time. These malicious programs often go unnoticed, quietly lifting passwords from browsers, VPNs, developer tools, and social media accounts before shipping the data to criminal marketplaces on the dark web.