- Cybernews identified 16 billion login records exposed online from infostealers and past breaches, spanning major platforms.
- Experts recommend urgent password resets, use of unique credentials, MFA, and adoption of passkeys to mitigate security threats.
What happened: Experts warn as 16 billion login credentials exposed via infostealer malware
Cybernews researchers uncovered 30 exposed datasets containing approximately 16 billion login credentials harvested from infostealer malware and historical data breaches—briefly accessible before removal. The data spans platforms including Google, Apple, Facebook, and government sites, though no new centralised breach is reported. Experts warn that while much of the data may already be in circulation, its scale offers a potential blueprint for widespread phishing and identity theft attacks.
Prominent cybersecurity professionals, including Bob Diachenko and analysts from Sophos and Darktrace, urge users to reset passwords, enable multi‑factor authentication, and adopt password managers or passkeys. They suggest these measures will be vital in preventing unauthorised access.
Why it’s important
The incident highlights the persistent threat posed by infostealer malware, which silently harvests credentials from infected systems. Although users may have already been affected by earlier leaks, the sheer volume reinforces the need for robust “cyber hygiene.” Experts emphasise that without proactive measures—such as password rotation, unique credentials per service, and multi‑factor authentication—individuals remain vulnerable to account takeovers and phishing exploits.
The exposure also showcases the limitations of password-based security and pressures firms to accelerate the adoption of passkey technology and zero-trust authentication models to reduce future risks.