What would you do if someone quietly copied your house keys and made millions of duplicates?
That’s what just happened on the internet. Except instead of house keys, it’s passwords—and 16 billion of them.
A report by Cybernews and Forbes has confirmed what cybersecurity experts feared: the largest password leak in history is now live, with billions of credentials up for sale on the dark web. The scale is staggering, the implications global.
The breach that changed everything
More than 30 separate data sets, each containing tens of millions to over 3.5 billion records, have been uncovered. Together, they form a massive archive of stolen login data—fresh, organised, and dangerously exploitable.
“This isn’t just a leak. It’s a blueprint for mass exploitation,” said a WION report.
Crucially, these records weren’t scraped from old data leaks. They were collected by infostealer malware—malicious programs that quietly sit on infected devices, harvesting usernames and passwords without users ever realising it.
Who’s at risk? Everyone
Your Apple ID. Your Gmail. Facebook, GitHub, Telegram—even access to government services. The leaked credentials open doors to all these platforms and more.
Google has already urged users to switch from traditional passwords to passkeys, a more secure login alternative. The FBI has also warned against clicking on suspicious SMS links—an increasingly common phishing tactic now supercharged by this breach.
According to Merca20, anyone—not just cybercriminals—can buy these stolen credentials on the dark web for a small fee.
Where did the data come from?
Cybersecurity analysts say the breach aggregates multiple sources:
- Credential stuffing lists
- Logs from infostealer malware
- Repackaged data from earlier breaches
Some of the data was uploaded to attacker-controlled servers; some was left exposed by accident. Regardless of origin, it has now been weaponised into a single, dangerously efficient toolset for cyberattacks.
What makes this breach different?
Most of the 16 billion credentials are new—not recycled from earlier breaches. That means the vast majority of affected users still don’t know their accounts have been compromised.
Even more worrying: the data is neatly structured and ready for immediate use, significantly lowering the barrier for hackers to launch attacks at scale.
What you can do now
Cybersecurity experts are urging immediate action. Here’s how you can protect yourself:
- Change your passwords, especially on frequently used platforms
- Use a password manager to create and store strong, unique credentials
- Enable multi-factor authentication (MFA) wherever available
- Switch to passkeys, if your platform supports them
- Use dark web monitoring tools to get notified if your credentials are leaked
