16 Billion Passwords and Usernames Across Google, Apple, Facebook Leaked

A massive data breach has exposed more than 16 billion usernames and passwords. These include those from popular sites like Facebook, Google, Apple, Telegram, and even government-owned websites. This is believed to be one of the biggest data breaches ever, and yes, your account could be one of the ones that got leaked. 

What Happened?

Cybernews researchers found 30 huge databases online, each with millions to billions of stolen login information. These aren't just old hacks that have been used over and over again.  This information is mostly new and has never been seen before, which makes it even more dangerous.  To sum up, experts cautioned, "This is not just a leak – it’s a blueprint for mass exploitation.”

Who is Affected?

Most people who use the internet are affected.  The breach contains logins for Google and Gmail, Apple ID, Facebook and Instagram, GitHub and Telegram, government portals, and many other sites you probably use every day. 

The leaked information is said to have been in plain text format and to have shown URLs, accounts, and passwords. This makes it easier for hackers to access accounts, steal information, and take control of them. 

A huge batch of these stolen credentials (3.5 billion) comes from Portuguese-speaking populations, while other large batches are linked to Russian logins, Telegram logins, and more.

FBI and Google Send Out Alerts 

The FBI says that people should not click on any links that look strange, especially those that come by email or text.  Google is also telling people to change their passwords right away, especially if they don't use two-factor authentication (2FA) or a password manager. 

Facebook, only a few days back, announced the adoption of passkey login both for the main app as well as Messenger. The website already advocates 2FA for bolstered security and user experience. 

“This is not just a data leak, it’s a GLOBAL DIGITAL EMERGENCY. The scale of this breach is staggering, and it’s a wake-up call for all enterprises,” says Sujit Patel, CEO of SCS Tech India, a firm specialising in cybersecurity and digital transformation.

“When 16 billion logins are exposed, it’s not just passwords—it’s trust, reputation, and business continuity on the line. We must respond with urgency, deploying zero-trust models and prioritising real-time threat intelligence. Cybersecurity leadership has to be embedded across the boardroom, not just the IT department, because accountability and preparedness are as important as technology.”

Where Did It Come From?

 Experts think the leak came from several malware tools known as "infostealers," a kind of malware that steals your passwords while you are online.  No one knows for sure who leaked the data or how many accounts were compromised, but the number is in the billions.

What You Should Do Now 

Security experts suggest you should do this today: 

1. Change your passwords, starting with the ones for your most critical accounts, such as email, banking, and government websites. 

2. Make sure that you are using a unique and strong password. 

3. Turn on two-factor authentication (2FA) wherever possible. 

4. Don't click on links that look dubious, especially if they come from texts or emails you don't know. 

5. Use a password manager that you trust to keep your login information safe and up to date.

Read More: Facebook Announces Passkey Login, Here's What That Means for You