16 Billion Passwords Leaked: Massive Credential Dump Hits Apple, Google, Facebook Users

Jun 20, 2025

Overview

In mid–June 2025, researchers uncovered an unprecedented digital breach: approximately 16 billion exposed login credentials compiled from 30 distinct datasets, each containing anywhere from tens of millions to over 3.5 billion records.

Experts confirm this is not a traditional hack of Apple, Google, or Facebook—but rather a massive aggregation of stolen data primarily harvested by infostealer malware. These logs pair account URLs with usernames and passwords from a variety of sources, including social media, developer platforms, VPNs, email services, and even government portals.

Key Findings

1. Fresh & Weaponizable Data

  • The volume—16 billion records—vastly exceeds databases like Have I Been Pwned (~15 billion total) .

  • Researchers confirm the data is “fresh, weaponizable intelligence at scale,” not merely recycled leaks.

2. Breadth, Not Depth

  • The leak wasn't a single breach; instead, 30 disparate dumps compiled over months—likely captured from misconfigured cloud environments.

  • Some datasets contained overlap; the distinct number of impacted individuals remains unclear.

3. Infostealers in the Spotlight

  • Infostealer malware targets browsers, apps, and local storage, aggregating credentials into logs upon infecting devices.

  • These logs are typically transmitted to attackers or sold via underground forums.

What the Experts Say

“This is not just a leak – it’s a blueprint for mass exploitation.”

Despite the scale, companies like Apple, Google, and Facebook were not directly breached. Credentials relating to those sites were likely captured from users via malware or other incidents and logged for aggregation.

Why It Matters

  • Credential stuffing: Attackers now have the scale to automate login attempts across services.

  • Phishing & account takeovers: Paired credentials easily fuel targeted attacks.

  • Corporate and government risks: Data includes logins tied to enterprise and public-sector portals.

Immediate Actions to Take

  1. Change passwords immediately—prioritize high-value accounts (email, banking, social).

  2. Use a password manager to generate strong, unique passwords.

  3. Enable 2FA, ideally with phishing-resistant FIDO2 security keys.

  4. Use passkeys (biometrics or device‑bound credentials) where supported—Google advocates them post‑breach.

  5. Monitor account activity, using alerts and dark‑web monitoring tools.

Final Word

This leak is a stark reminder: credential hygiene is no longer optional. With vast reservoirs of login data now accessible to criminals, even modest accounts could become gateways to identity theft, fraud, or corporate breaches. Strengthening security—now—is your best defense.

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.

Latest News

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Jul 6, 2026

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Jun 26, 2026

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Jun 23, 2026

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Jun 17, 2026

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Jun 10, 2026

ChatGPT Share Links Abused to Deliver Malware Through Fake OpenAI Outage Pages

ChatGPT Share Links Abused to Deliver Malware Through Fake OpenAI Outage Pages

ChatGPT Share Links Abused to Deliver Malware Through Fake OpenAI Outage Pages

ChatGPT Share Links Abused to Deliver Malware Through Fake OpenAI Outage Pages

Jun 3, 2026

Get updates in your inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Get updates in your

inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.