Experts report “unprecedented” leak of 16 billion passwords from Apple, Google and Facebook: here’s how to protect yourself

More than 16 billion logins and passwords for services such as Apple, Google, Facebook, Telegram and even government platforms were compromised by a data leak considered “unprecedented” . The report was made by researchers from the specialized portal Cybernews, who warned of the catastrophic potential of the episode. According to experts, this is the largest cybersecurity incident ever recorded to date.

The credentials were compiled from 30 different databases, each containing anything from tens of millions to more than 3.5 billion records. Much of this material had never been detected in previous public leaks — indicating that the data is fresh and therefore highly exploitable by cybercriminals.

“This is not just a leak – it is a plan for mass exploitation. What is concerning is that this is new, structured intelligence, ready for large-scale malicious use,” the researchers said in an official statement.

Data organization facilitated attacks

The information was exposed in the form of a URL, login and password, a structure that facilitates the actions of groups specialized in cyberattacks. This data can be used in automated attempts to hack any type of online account — from social networks and emails to banking and corporate platforms.

According to investigators, many of these credentials were collected by “infostealer” malware, spyware that captures everything a victim types, such as passwords and banking information, and sends this content to malicious operators. The material is already circulating on the dark web, at affordable prices — a factor that increases the risk of attacks on a global scale.

Former National Security Agency (NSA) expert and CEO of Desired Effect, Evan Dornbush, told Forbes that in cases like this, the level of sophistication of the password doesn't matter: "It doesn't matter how complex it is. If the database is compromised, your password is exposed."

Brazil was also the target of a leak

The new mega leak is reminiscent of an episode that occurred in 2021, when 10 million Brazilians' passwords were exposed in a global leak. A survey by the cybersecurity company Syhunt revealed that thousands of these data belonged to government agencies, such as the National Congress, the Supreme Court and even Petrobras, which had more than 8,800 passwords compromised.

Given the seriousness of the case, experts recommend that users immediately change repeated passwords between different services, activate two-factor authentication (2FA) and adopt reliable password managers.

More than that, the moment is seen as opportune to accelerate the adoption of so-called passkeys — technology that replaces passwords with biometric authentication methods or local encrypted codes. Apple, Google and Facebook already support the model, which should become standard on the internet in the next three years, according to projections by Forbes .

Step by step to increase security:

• Immediately change reused passwords;
• Use different passwords for each account;
• Enable two-factor authentication (2FA);
• Use reliable password managers;
• Adopt passkeys whenever possible;
• Be aware of suspicious messages (phishing).