/thetatva/media/agency_attachments/2024-10-11t075417641z-tatva-logo-white-yashodhar-gulati-crop.png){kind=logo}
/thetatva/media/agency_attachments/2024-10-11t075412214z-tatva-logo-white-yashodhar-gulati-crop.png){kind=logo}
/thetatva/media/media_files/2025/06/20/im-931175_1710512106050_1750358557227-2025-06-20-12-20-05.webp)
A huge data leak has exposed more than 16 billion passwords online, making it one of the biggest security breaches ever. Reports by Cybernews and Forbes say this leak puts millions of people at risk. Hackers could use the stolen data for phishing scams, stealing identities, and breaking into accounts.
Experts say this is not just old data. Most of the leaked usernames and passwords are new and were stolen using malware called “infostealers.” This type of malware secretly takes login details from people’s devices and sends them to hackers. These hackers then either use the data themselves or sell it on the dark web.
What’s in the leak?
The leaked data includes login details for many popular services like Google, Facebook, Telegram, GitHub, and even some government websites. The information is neatly arranged, showing the website link, username, and password, making it very easy for hackers to use.
Experts are calling this leak a "blueprint for global cybercrime" because it is so well-organised and ready to use. Around 30 big sets of data, each with millions or even billions of passwords, were combined to create a massive list of over 16 billion stolen accounts.
Why is it serious?
The most worrying part is how easy it is to get this stolen data. Reports say that even people with little tech knowledge and very little money can buy these passwords on the dark web. This puts almost everyone at risk, from regular people to big companies and government offices.
Google has advised users to move away from traditional passwords and start using more secure options like passkeys. The FBI has also issued a warning, asking people to avoid clicking on links sent through text messages or emails, especially those asking for login information, as they could lead to scams or hacking attempts.
Cybersecurity experts recommend taking immediate action to stay safe. This includes changing passwords for all major accounts, using strong and unique passwords, enabling two-factor authentication (2FA), and using password manager apps to store and manage passwords securely. It’s also helpful to use dark web monitoring tools, which can notify you if your email or password has been found in a known data breach. Taking these steps now can greatly reduce the risk of your accounts being hacked.