Budapest Post

Cum Deo pro Patria et Libertate
Budapest, Europe and world news

16 Billion Login Credentials Leaked in Unprecedented Cybersecurity Breach

Security researchers confirm freshly stolen passwords from dozens of platforms now circulating online
Security researchers have identified an unprecedented leak encompassing approximately 16 billion user credentials, marking the largest such exposure on record.

The newly discovered databases comprise some 30 distinct datasets, each containing tens of millions to several billion records.

The information is believed to be obtained via infostealer malware campaigns targeting browser-saved credentials, session data, and cookies in real time.

This collection includes login details from major tech platforms—among them Apple, Google, Facebook, GitHub, and Telegram—as well as from VPN services, developer portals, online marketplaces, and government systems.

Each record reportedly combines URL, username or email, and password, enabling direct reuse for phishing or credential-stuffing attacks.

Cybercrime analysts describe the dataset as largely new, rather than recycled from earlier breaches.

The presence of intact login sequences and freshly stolen session tokens is cited as evidence of active malware operations in 2025.

The leak is said to have surfaced across underground forums and marketplaces in plain-text form, elevating its potential for automated exploitation.

Additionally, broader industry analysis during 2024–25 has catalogued over 19 billion leaked passwords across more than 200 breaches, with only around 6 percent being unique.

A staggering 94 percent of the datasets comprised reused or common credentials, with examples such as “123456,” “password,” and “admin” appearing hundreds of millions of times.

The reuse of credentials across accounts enables high-volume automated attacks, commonly referred to as credential stuffing, which carry success rates of up to 2 percent per million attempted logins.

Weak passwords remain prevalent: around 42 percent of entries are only 8–10 characters long, and roughly 27 percent use solely lowercase letters and digits.

The root cause of the leak is ascribed to infostealer malware.

These tools infiltrate endpoints and harvest sensitive credentials before packaging them into standardized databases for distribution in criminal marketplaces.

Analysts warn that the scale and freshness of this leak create a “blueprint for mass exploitation,” with direct applicability to phishing, account takeover, identity theft, and enterprise intrusion campaigns.

Platforms across sectors—financial services, healthcare, social media, government—face heightened risk as attackers deploy automated login attempts using the leaked credentials.

In prior incidents, such as between April 2024 and April 2025, over 3 terabytes of raw leaked data were analysed, revealing the systemic vulnerability posed by credential reuse worldwide.

Research emphasises that even simple dictionary-style passwords enable rapid account breaches when combined with attacker-owned automation systems.

The leak also echoes earlier megabreaches, such as the “RockYou2024” archive containing nearly 10 billion passwords compiled from two decades of incident data.

However, the current 16 billion-credential exposure is distinguished by its proximity in time and volume of nascent threat intelligence.

This situation illustrates the expanding role of malware-based exfiltration in complementing traditional data breach strategies, and paints a picture of rapidly circulating credential data re-entering the attacker economy almost in real time.
AI Disclaimer: An advanced artificial intelligence (AI) system generated the content of this page on its own. This innovative technology conducts extensive research from a variety of reliable sources, performs rigorous fact-checking and verification, cleans up and balances biased or manipulated content, and presents a minimal factual summary that is just enough yet essential for you to function as an informed and educated citizen. Please keep in mind, however, that this system is an evolving technology, and as a result, the article may contain accidental inaccuracies or errors. We urge you to help us improve our site by reporting any inaccuracies you find using the "Contact Us" link at the bottom of this page. Your helpful feedback helps us improve our system and deliver more precise content. When you find an article of interest here, please look for the full and extensive coverage of this topic in traditional news sources, as they are written by professional journalists that we try to support, not replace. We appreciate your understanding and assistance.
Newsletter

Related Articles

0:00
0:00
Close
Severe Heatwave Claims 2,300 Lives Across Europe
Declining Beer Consumption Signals Cultural Shift in Germany
Emails Leaked: How Passenger Luggage Became a Side Income for Airport Workers
Polish MEP: “Dear Leftists - China is laughing at you, Russia is laughing, India is laughing”
Western Europe Records Hottest June on Record
BRICS Expands Membership with Indonesia and Ten New Partner Countries
Elon Musk Founds a Party Following a Poll on X: "You Wanted It – You Got It!"
China’s Central Bank Consults European Peers on Low-Rate Strategies
France Requests Airlines to Cut Flights at Paris Airports Amid Planned Air Traffic Controller Strike
Poland Implements Border Checks Amid Growing Migration Tensions
Emirates Airline Expands Market Share with New $20 Million Campaign
Amazon Reaches Milestone with Deployment of One Millionth Robot
Yulia Putintseva Calls for Spectator Ejection at Wimbledon Over Safety Concerns
House Oversight Committee Subpoenas Former Jill Biden Aide Amid Investigation into Alleged Concealment of President Biden's Cognitive Health
Amazon Reaches Major Automation Milestone with Over One Million Robots
Extreme Heat Wave Sweeps Across Europe, Hitting Record Temperatures
Meta Announces Formation of Ambitious AI Unit, Meta Superintelligence Labs
Robots Compete in Football Tournament in China Amid Injuries
China Unveils Miniature Insect-Like Surveillance Drone
Marc Marquez Claims Victory at Dutch Grand Prix Amidst Family Misfortune
Germany Votes to Suspend Family Reunification for Asylum Seekers
Budapest Pride Parade Draws 200,000 Participants Amid Government Ban
Southern Europe Experiences Extreme Heat
Xiaomi's YU7 SUV Launch Garners Record Pre-Orders Amid Market Challenges
Jeff Bezos and Lauren Sanchez's Lavish Wedding in Venice
Russia Launches Largest Air Assault on Ukraine Since Invasion
Massive Anti-Government Protests Erupt in Belgrade
Iran Executes Alleged Israeli Spies and Arrests Hundreds Amid Post-War Crackdown
Hungary's Prime Minister Criticizes NATO's Role in Ukraine
EU TO HUNGARY: LET THEM PRIDE OR PREP FOR SHADE. ORBÁN TO EU: STAY IN YOUR LANE AND FIX YOUR OWN MESS.
Hungarian Scientist to Conduct 30 Research Experiments on the International Space Station
NATO Members Agree to 5% Defense Spending Target by 2035
NATO Leaders Endorse Plan for Increased Defence Spending
U.S. Crude Oil Prices Drop Below $65 Amid Market Volatility
International Astronaut Team Launched to Space Station
Macron and Merz: Europe must arm itself in an unstable world
Germany and Italy Under Pressure to Repatriate $245bn of Gold from US Vaults
Iran Intensifies Crackdown on Alleged Mossad Operatives After Sabotage Claims
Trump Praises Iran’s ‘Very Weak’ Response After U.S. Strikes and Presses Israel to Pursue Peace
Oil Prices Set to Surge After US Strikes Iran
BA and Singapore Airlines Cancel Dubai Flights Amid Middle East Tensions
Trump Faces Backlash from MAGA Base Over Iran Strikes
Meta Bets $14 B on Alexandr Wang to Drive AI Ambitions
FedEx Founder Fred Smith, ‘Heart and Soul’ of the Company, Dies at 80
Chinese Factories Shift Away from U.S. Amid Trump‑Era Tariffs
Pimco Seizes Opportunity in Japan’s Dislocated Bond Market
Labubu Doll Drives Pop Mart to Status as China’s Most Valuable Toy Maker
Global Coal Demand Defies Paris Accord Goals
United States Conducts Precision Strikes on Iran’s Nuclear Sites
US strikes Iran nuclear sites, Trump says
×