Islamabad, June 21, 2025: In what cybersecurity analysts are calling the largest data breach of its kind to date, nearly 16 billion user credentials have been leaked online, affecting accounts across major tech giants like Apple, Facebook, Google, GitHub, Telegram, and various government platforms.
The breach, uncovered by experts at Cybernews, was initially flagged earlier this year but is now confirmed to include a vast number of newly exposed datasets.
Lead investigator Vilius Petkauskas reported the discovery of over 30 different collections — each holding tens of millions to more than 3.5 billion entries — totaling the 16 billion compromised records.
“This is not just a leak — it’s a blueprint for mass exploitation,” warned researchers, noting that the exposed information consists mostly of “fresh, weaponisable intelligence at scale” rather than recycled data from older breaches.
The stolen credentials include email addresses, login names, and passwords, arranged in a format easily usable by cyber attackers for phishing scams, identity fraud, and unauthorized account access. Alarmingly, many of the affected accounts are still active across social networks, VPNs, coding platforms, and official government sites.
READ MORE: Govt Issues Cyber Alert on Oracle Data Breach
Rising Security Concerns
Password management company Keeper Security responded by emphasizing the need for stronger digital security. “This scale of exposure is a critical cybersecurity threat,” the founders stated.
The FBI and Google have both recommended shifting to advanced login protections, including passkeys, and avoiding suspicious messages or links.
READ MORE: Over 180 Million Accounts Exposed in Global Data Breach, Pakistani Users at Risk
An Unprecedented Threat
This breach surpasses previous leaks, including a 184 million-password exposure reported just weeks earlier. Experts believe the data was collected through various infostealer malware infections.
Protective Steps for Users
Cyber professionals recommend users to immediately:
- Update passwords on all platforms
- Activate two-factor authentication (2FA)
- Use secure password managers
- Watch for unusual account activity
Checking credentials through trusted tools like Have I Been Pwned is strongly advised.
