Researchers Discover 16 Billion Login Details Exposed Online

Cybersecurity researchers have discovered what’s believed to be the largest-ever data breach, consisting of up to 16 billion login credentials. The data consists of usernames, passwords, session cookies, and authentication tokens from almost every major website and online service, including Facebook, TikTok, Google, Apple, Telegram, GitHub, and even some VPN services and government portals.

Between January and June 2025, the Cybernews team discovered 30+ separate datasets that were temporarily left exposed via “unsecured Elasticsearch or object storage instances.” The sizes of individual datasets ranged from roughly 16 million to 3.5 billion, with an average size of 550 million.

Unfortunately, they were unable to ascertain the owners of the data in most instances. So, it’s not clear whether it’s in the hands of “legitimate” entities or whether it has been stolen. Regardless, the fact that such massive quantities of sensitive data are frequently being exposed, often through misconfigured cloud systems, is troubling in itself.

However, many of the examined datasets did show some tell-tale signs of being collected using infostealer malware. The leaked data was typically organized by URLs matched with username and password pairings, a common theme in modern infostealers, like RedLine, Raccoon, and Vidar.

One of the datasets included in the study was an unprotected cloud system with 184 million login credentials, mostly from social media platforms, like Facebook and Snapchat.

Infostealers are a class of malware that infects a victim’s device and silently extracts info such as login credentials, browser cookies, session tokens, saved passwords, and autofill data. Cybercriminals typically collect this data into large databases, which they then sell on underground markets, potentially on the dark web. The leaked datasets seemingly consisted of very similar information.

While some of the datasets have been identified in past data breaches, much of it seems to be new or unheard of. Regardless of the source, the great concern is that if researchers are able to access this data, then so are cybercriminals. This could lead to targeted attacks on individuals or large-scale extortion attempts, like what recently happened in a PowerSchool data breach.

The research once again highlights the importance of practicing good cybersecurity hygiene. All online users should limit password reuse, use 2FA/MFA, and change their passwords frequently (on top of using strong ones to begin with). Plus, regularly check if their credentials have been implicated in data breaches using sites like Have I Been Pwned.