The investigative team with the independent tech news site Cybernews said they have discovered one of the largest data breaches in history, affecting up to 16 billion user logins. But all may not be as it seems.
Forbes said a May 23 report initially claimed 184 million logins were compromised, but now that number appears to be much larger - nearly 16 billion.
Cybernews was the first to report the breaches earlier this week and has updated its findings.
“This is not just a leak,” Cybernews’ researchers said. “It’s a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing.”
The group claims the records were from 30 different databases, acknowledging that the databases might overlap. The size of the databases ranges from tens of millions to more than 3.5 billion records each, according to Cybernews.
It was discovered when the data was exposed for a short time, The Associated Press reported.
PC Gamer speculates that the “leak” Cybernews is looking more than likely a compilation of several data breaches put into a single file.
Still, Cybernews said that not only can a credential leak allow hackers to take over accounts, but it can also lead to identity theft and targeted phishing campaigns. Cybernews surmises that since the files were so numerous, it could impact “pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services.”
How can you protect yourself?
So, how can you make sure your accounts are secure?
Choose strong and unique passwords, don’t reuse the same one over and over and use multi-factor authentication when you can.
Forbes suggests starting to change passwords now, especially if you have used the same one on several sites.
Google has already urged its users to change their logins, The London Evening Standard reported. The FBI sent warnings last month about phishing and not opening unknown links that are delivered by SMS.
Apple Insider called it digital hygiene and when passwords are needed, use unique ones which can be generated by your device’s proprietary app or other password managers.
But if a passkey is offered, use that instead.
Facebook, Apple and Google all offer that option.
PCWorld also reminds you to make sure your antivirus software is up to date, and make sure that you don’t download software from places other than the official source
Finally, keep an eye out for any unusual activity on your accounts, The Standard suggested.
© 2025 Cox Media Group
/cloudfront-us-east-1.images.arcpublishing.com/cmg/XCUXZC2XYZHCRGNNGKFEX6U3LQ.png)
