A record-breaking 16 billion passwords have been leaked on the Dark Web, putting global tech platforms and user data at extreme risk, cybersecurity experts warn.
 |
| Infostealer malware behind the leak of 16 billion passwords, creating major cybersecurity threats for platforms and users worldwide, CyberNews reports. Image: Collected |
Tech Desk – June 22, 2025
In what cybersecurity experts are calling the largest data breach in internet history, more than 16 billion passwords and login credentials have been leaked on the Dark Web, according to a comprehensive investigation by CyberNews.
The massive leak has exposed highly sensitive data from platforms like Google, Apple, Facebook, GitHub, Telegram, and various government services, triggering global concerns over the security of personal and corporate digital assets.
The data dump includes 30 individual datasets, each containing between millions to 3.5 billion records, accumulating to a staggering total of over 16 billion compromised entries. These include usernames, associated passwords, and the exact websites users logged into—creating a near-complete map of online identity vulnerabilities.
CyberNews researcher Villius Petkauskas, who led the investigation, confirmed that the breach was discovered in early 2025 and involves datasets gathered from a variety of sources, including social media accounts, VPNs, developer platforms, and corporate systems.
A particularly concerning element is the role of Infostealer malware, a sophisticated form of spyware that harvests login data stored in web browsers without user consent. Once active, it transmits the captured data—URL, username, and password—to external servers operated by cybercriminals.
"The structure of the leaked information allows attackers to instantly identify where victims logged in and with what credentials," said Petkauskas. "This isn’t just a breach; it’s a blueprint for global cyberattacks."
Cybersecurity professionals are urging immediate action. Recommendations include changing all passwords—especially for reused credentials—enabling multi-factor authentication (MFA), and regularly scanning devices for malware.
The leak’s discovery underscores the growing threat posed by lax digital security practices amid rising data volumes and interconnected systems. With such a vast trove of credentials now circulating on the Dark Web, the potential for targeted phishing, ransomware attacks, and identity theft has skyrocketed.
Governments and tech firms worldwide are now scrambling to assess vulnerabilities, with experts warning that failure to act swiftly could lead to catastrophic digital and financial consequences.
As cybercriminal networks become more organized and AI-enhanced threats rise, this breach highlights the critical importance of cyber hygiene, proactive defense systems, and public awareness in securing the digital future.