A major discovery reveals the scope of modern cybercrime. Researchers have uncovered one of the largest compilations of stolen data in history, exposing accounts from major platforms like Apple, Google, and Facebook.
A Leak of Historic Proportions
Cybernews researchers revealed an alarming discovery reported by 01net.com: more than 16 billion login credentials and passwords are circulating freely on the Internet. This massive compilation, consisting of 30 datasets representing over 3.5 billion records, includes not only usernames and passwords, but also access tokens, login cookies, and various metadata. The affected platforms span a broad spectrum of services: social networks (Facebook, Telegram), cloud services (Google, Apple, GitHub), VPNs, corporate and government portals, development platforms, and financial services (WeChat, Alipay).
The Work of Malicious Software
This data accumulation primarily results from the action of infostealers, malicious software specialized in stealing personal information. According to Kaspersky, nearly ten million devices were infected by this type of malware in one year worldwide. These viruses spread through various vectors: malicious files, phishing attacks, or credential stuffing campaigns, where hackers use already compromised credentials to access multiple platforms. The data was then enriched by other previous breaches and leaks.
A Major Operational Threat
Although the data was only temporarily accessible to the general public, it remains in the hands of potentially malicious individuals. Researchers emphasize that this is not simply a leak, but an “operational database for large-scale exploitation.” This information can fuel various cyberattacks: ransomware operations, massive phishing campaigns, or account takeovers. The scope of available data provides cybercriminals with unprecedented access to sensitive personal information.
A Compilation Rather Than a New Attack
However, Sophos experts qualify the impact of this discovery. This is not freshly stolen data from a new cyberattack, but a compilation of information already in circulation. Apple, Google, and other affected platforms were not directly compromised. This situation nevertheless illustrates the extent of information potentially accessible to cybercriminals and is part of a series of recent massive leaks, notably the 184 million passwords discovered last month or the RockYou2024 file containing nearly 10 billion stolen passwords.
The Urgency of Strengthening Security
Faced with this proliferation of compromised data, experts strongly recommend adopting enhanced security measures. Using complex and unique passwords for each service becomes crucial, but is no longer sufficient. Enabling multi-factor authentication is an absolute necessity. This precaution constitutes an effective barrier even when login credentials are compromised, blocking access to hackers despite their possession of this sensitive information.
16 milliards de mots de passe exposés… C’est flippant ! 🔥👀 #DataBreach #16BillionPasswords #CyberSécurité #Piratage #SécuritéNumérique #AlerteInternet https://t.co/Y72jpZm9jn pic.twitter.com/nd2t4itXSK
— Clubic (@Clubic) June 19, 2025