16 Billion Login Credentials Leaked in Massive Data Breach Impacting Apple, Google and More

Apple, Facebook, Google, and Telegram are said to be some of the biggest companies to be impacted by this data breach.

Written by Shaurya Tomer, Edited by Siddharth Suvarna | Updated: 20 June 2025 12:28 IST

16 Billion Login Credentials Leaked in Massive Data Breach Impacting Apple, Google and More

Photo Credit: Reuters

The datasets reportedly contained from tens of millions to over 3.5 billion records each

Highlights

Datasets comprising over 16 billion records were reportedly leaked
Leaked information included login credentials including passwords
Datasets came from stealer malware, old leaks, and credential dumps

Cybersecurity researchers have discovered a “mysterious database” comprising a staggering record of 16 billion login credentials, in what is being called one of the biggest data breaches in history. According to a report, it impacted some of the world's biggest technology companies including Apple, Facebook, and Google, along with government portals from multiple countries. The data breach gave threat actors brief but unprecedented access to personal credentials, posing risk of account takeover, identity theft, and phishing attacks.

Update: Telegram, in a statement to Gadgets 360, said, "Telegram's primary login method is a one-time-password delivered by SMS. As a result, this is far less relevant for Telegram users compared to other platforms where the password is always the same."

According to a report by CyberNews, a majority of the data in the leaked database included information from credential stuffing sets, stealer malware, and repackaged leaks. Researchers say they've discovered 30 exposed datasets since the beginning of the year, comprising from tens of millions to over 3.5 billion records each, bringing the total to nearly 16 billion records which have been discovered so far.

Microsoft 365 Copilot Could Be Hacked Without Any User Input: Research

Threat actors are speculated to have employed infostealer logs to steal this sensitive data. This breach impacted not just one company, sector, or country, but numerous ones. Apple, Facebook, Google, GitHub, and Telegram were some of the biggest companies to be impacted.

As per the report, it affected social media companies, corporate platforms, VPNs, developer portals, and even government services of various countries. Further, it is suggested that none of the datasets, except for one, were discovered in previous breaches, which means most of the data in the latest breach is fresh.

“What's especially concerning is the structure and recency of these datasets – these aren't just old breaches being recycled. This is fresh, weaponizable intelligence at scale”, the publication quoted researchers as saying.

Cybersecurity Researchers Find 20 Crypto-Phishing Apps on Play Store

The leaked data had a proper structure, with the URL followed by the login credentials and a password. As per the report, this is a staple method employed by threat actors to steal data. The smallest dataset reportedly had over 16 million records, while the largest one contained more than 3.5 billion. On an average, each dataset comprised 550 million exposed credentials.

Some of the datasets had generic names, such as “credentials” or “logins”. Meanwhile, others also reportedly referenced the services they were stolen from or related to. For example, researchers discovered one dataset named after Telegram which contained 60 million records.

The report states all of the datasets were only briefly exposed, but long enough for cybersecurity personnel to discover them. These were accessible through object storage instances or unsecured Elasticsearch. However, they could not uncover the entity controlling the 16 billion records.

Google Shuts Down Malware Using Google Calendar to Steal Data

Researchers say data breaches of this scale can be employed by threat actors for running phishing campaigns, taking over accounts, ransomware intrusions, and business email compromise (BEC) attacks.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Data Breach, Cybersecurity, Apple, Google, Facebook, Telegram, GitHub, Data Leak

Shaurya Tomer

Email Shaurya Tomer

Shaurya Tomer is a Sub Editor at Gadgets 360 with 2 years of experience across a diverse spectrum of topics. With a particular focus on smartphones, gadgets and the ever-evolving landscape of artificial intelligence (AI), he often likes to explore the industry's intricacies and innovations – whether dissecting the latest smartphone release or exploring the ethical implications of AI advancements. In his free time, he often embarks on impromptu road trips to unwind, recharge, and ...More