On June 20, 2025, cybersecurity researchers announced what is now considered the largest data breach in history, exposing around 16 billion login credentials. Led by Vilius Petkauskas, a team from Cybernews has been investigating suspicious activities since early 2025, uncovering a vast trove of stolen data from numerous major online platforms.

The breach was detected across multiple datasets, totaling 30 separate data dumps, each containing tens of millions to over 3.5 billion records. According to Petkauskas, “This is not just a leak – it’s a blueprint for mass exploitation. These credentials are ground zero for phishing attacks and account takeover; these aren’t just old breaches being recycled, the researchers warned.”

The leaked data includes login information for social media giants such as Apple, Facebook, Google, and platforms like GitHub and Telegram. It also affects VPN services, developer tools, corporate systems, and even government portals.

Most of the stolen credentials were gathered through malicious malware called infostealers, designed to covertly harvest usernames and passwords from infected devices. In some cases, exposed data resulted from misconfigured cloud environments left unprotected online.

This security breach is especially alarming because many datasets are recent, organized, and ready for immediate use by cybercriminals. The datasets’ structure usually included URLs followed by usernames and passwords, making exploitation straightforward. Experts warn that such data could be used for phishing, identity theft, ransomware, and other cybercrimes.

Cybersecurity professionals recommend taking prompt action to mitigate risks. This includes using strong, unique passwords for different accounts and enabling multi-factor authentication wherever possible. Darren Guccione, CEO of Keeper Security, emphasized the importance of password management tools and dark web monitoring to protect personal data amidst this crisis.

This incident underscores that cybersecurity is a shared responsibility. Users must stay vigilant for suspicious activities and update security practices, especially in an era where data breaches of this scale are increasingly common and impactful. As the threat landscape evolves, continuous awareness and proactive protection are essential to safeguarding digital identities.