Cybercriminals gain access as 16 billion credentials exposed in historic data breach

The threat landscape continues to evolve, and the message from cybersecurity experts is clear: digital vigilance and routine cyber hygiene are now non-negotiable.

The global cybersecurity community is sounding the alarm following what Cybernews has dubbed the largest data breach in history, revealing a staggering 16 billion login credentials scattered across 30 different databases. While some records are believed to overlap, researchers emphasise that much of the data stems from recent infostealer malware attacks, not just recycled incidents from the past. This latest revelation significantly raises the stakes in the ongoing battle against credential theft.

Commenting on the report, Alexandra Fedosimova, Digital Footprint Analyst at Kaspersky, explains: “16 billion records is a figure nearly double the Earth’s population, and it’s hard to believe such a vast amount of information could be exposed. This ‘leak’ refers to a compilation of 30 user data breaches from various sources. These data sets (‘logs’) are primarily obtained by cybercriminals through infostealers — malicious applications that steal information — and such incidents occur daily.

Cybernews researchers collected this data over six months from the start of the year. Their dataset likely contains duplicates due to the persistent issue of password reuse among users. Therefore, although it was noted that none of the databases they found had been previously reported, this doesn’t mean these credentials hadn’t previously leaked from other services or been collected by other infostealers.”

Kaspersky telemetry further supports the scale of the threat, reporting a 21% global increase in password stealer detections from 2023 to 2024. Infostealer malware has emerged as one of the most pervasive cyber threats, compromising millions of devices and extracting credentials, cookies, and sensitive data — all of which are then aggregated and circulated on the dark web.

Dmitry Galov, Head of Kaspersky’s Global Research and Analysis Team (GReAT) for Russia and CIS, added: “Cybernews research speaks of an aggregation of several data leaks over a long period – since the start of the year. This is a reflection of a thriving cybercrime economy that has industrialised credential theft. Credentials are harvested, enriched, and resold — often multiple times — via combo lists that are constantly updated and even made available on public platforms. What’s notable here is that the datasets were reportedly temporarily exposed via unsecured channels, making them accessible to anyone who stumbled upon them.”

Anna Larkina, Web Content Analysis Expert at Kaspersky, advised users to take urgent action, saying: “This news is a good reminder to focus on digital hygiene. Regularly update your passwords, enable two-factor authentication, and use a reliable password manager, such as Kaspersky Password Manager, to store your credentials securely. If you suspect your accounts may have been compromised, contact support services immediately to regain access and limit further damage. Users should also stay alert to social engineering scams that exploit leaked data.”

Industry voices:

Peter Mackenzie, Director of Incident Response and Readiness at Sophos:
While you’d be right to be startled at the huge volume of data exposed in this leak, it’s important to note there is no new threat here — this data will most likely already have been in circulation. These datasets are amalgamated from multiple breaches. What this tells us is the sheer depth of information now available to cybercriminals. It’s a powerful reminder to everyone to take proactive steps — update passwords, use a password manager, and implement multifactor authentication. If concerned, check your email at https://haveibeenpwned.com to see if your data has been compromised.

Louise Bou Rached, Director – Middle East, Turkey, and Africa, Milestone Systems:

“Today, protecting the future of innovation, reputation, and digital freedom requires more than just preventing breaches. Staying ahead of emerging threats, we adhere to the integration of real-time monitoring, encrypted data storage, and AI-driven threat detection, reducing risk while building enduring trust with clients and partners by integrating cybersecurity into every aspect of operations, from digital infrastructure to the distribution chains.

Companies must implement a layered, zero-trust strategy that goes beyond reactive defense and involves constant verification of each user, device, and application. Strong access controls, multi-factor authentication, endpoint security, and frequent security audits are all part of this. Given that even the most sophisticated systems can be compromised with a single click, encouraging staff members through cybersecurity awareness training is equally crucial. Cybersecurity is now a fundamental component of trust, resilience, and business continuity in today’s hyperconnected world, not just an internal IT function.”

Carolyn Duby, Field CTO and Cyber Security GTM Lead, Cloudera:

“Data is both a strategic asset and a prime target, as the 16 billion credentials that were made public serve as a clear reminder. Protecting data at scale calls for intelligence, adaptability, trust, and immediate call to action to avoid massive data breaches.

According to Cybersecurity Ventures, cybercrime is expected to cost the world $10.5 trillion by 2025, having already cost $9.5 trillion in 2024 alone. Attacks by ransomware now happen every 11 seconds, and the average cost of a data breach has increased to $4.88 million. Companies using automation and artificial intelligence (AI) in their security operations are saving $2.22 million on average for each breach.

The first and most crucial step in protecting consumer trust is securing critical and personally identifiable information (PII). All data is equal in the eyes of AI, and will be used blindly, unless proper parameters are set.

Additionally, mechanisms for erasing or anonymizing records must be implemented to meet regulatory and consumer expectations. Solutions like the Cloudera Shared Data Experience deliver integrated security and governance, while ensuring that only the right person is accessing the right information at the right time for the right reason.

This will ensure ‘secure by design’ – prioritizing security measures from the outset – will protect your customers and strengthen your brand.”

Bernard Montel, Technical Director and Security Strategist – EMEA, Tenable:

Firstly, this is not a new data breach. It’s the result of threat actors’ use of infostealer malware that has silently scraped usernames and passwords during breaches. This data has been bundled, traded, and resurfaced across underground forums. That said, it’s no less concerning.

Periodically we see this type of database surface, demonstrating that hackers have access to our online identities. Using scripts [a small program written in a programming language – such as Python, JavaScript, or Bash – that tells a computer step-by-step to do something] threat actors can trawl this treasure trove of information looking for patterns in passwords, but also credential reuse across multiple accounts. The latter is akin to a master key as it suggests the same combination will open multiple doors.

For organisations, it’s about understanding that this is a potential risk if these records correlate with over-privileged identities. Identities are the new perimeter given that compromised identities are at the center of nearly every successful cyberattack. Organisations must adopt an identity-first approach, that continuously validates permissions and access to prevent identity-based attacks before they occur.

Rob T. Lee, Chief of Research at SANS Institute:

After consulting multiple trusted CTI contacts, we’ve found no evidence of a fresh 16 billion-record password dump – no raw files or verified feeds have surfaced. This claim follows Forbes’ May 17 article on “19 billion stolen passwords,” which similarly lacked source attribution and clarity on whether these figures overlap. The report’s cited password-manager vendor, Keeper Security, isn’t named as the origin of the data and makes no reference to any breach on its own website. Independent of the exact breach size, enabling multi-factor authentication blocks over 90 percent of account-takeover attempts. Our recommendation to all organisations and end users is simple: verify before you panic and implement 2FA today.

Ezzeldin Hussein, Regional Senior Director, Solution Engineering, META, SentinelOne:

A strong password is your first barrier—don’t let it be the weakest link. While this recent leak aggregates old data, the danger remains current. Cybercriminals don’t need new breaches when billions of credentials are still valid and reused. These massive compilations fuel phishing campaigns, credential stuffing, and identity-based attacks at scale.

Passwords remain the first line of defense in cybersecurity, yet weak or reused credentials continue to be the leading cause of breaches worldwide. As cyber threats grow more advanced, relying on simple passwords is no longer enough—strong authentication practices are essential to safeguarding both personal and enterprise data.

A password is more than just a key—it’s the gateway to your digital identity. Strengthen it, protect it, and complement it with multi-factor authentication. Let this be a reminder—not just on World Password Day, but every day—that cyber hygiene begins with small but critical habits: changing default passwords, avoiding reuse, using password managers, and staying alert to phishing threats.

Ultimately, the path forward is clear: we must shift toward passwordless authentication through biometrics, passkeys, and zero-trust identity models. A secure password is the first step toward a more resilient digital future. It’s not just a personal responsibility; it’s a shared mission across users, enterprises, and technology providers.
