/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow Us/dq/media/media_files/2025/06/23/data-breach-2025-06-23-10-01-41.jpg)
One of the largest data leaks in history by the number of stolen credentials has been discovered by cybersecurity researchers who revealed 16 billion pieces of data comprising the credentials of most significant online services, including logins and passwords, as well as other sensitive data. The result of the investigation found 30 independent sets of data dumps comprising tens of millions of to more than 3.5 billion records.
The stolen data involves logins to social media, VPNs, developer tools, and such popular services as Apple, Google, Facebook, GitHub, Telegram, and even government portals. The credentials allow access to much more than just usernames and passwords applied to such a large number of services that you probably fall under the following sooner or later: Apple, Google, Facebook, Telegram, developer, VPN, even government, and many others. The majority of this information is gathered by infostealer malware, a type of virus that extracts identifiers, and passwords of infected gadgets, and subsequently publishes them on the Internet.
Researchers warn that such a large number of records breached and its recent nature implies that both old and new credentials are present, and data sets have too much overlap to know who may be affected. Yet, the professionals also insist that all people should think that their credentials have been stolen and act accordingly, switch your passwords on all your important accounts immediately, switch to multi-factor authentication, and review your accounts with a watchful eye. “The best defense against hackers is not technology, but awareness", says James Scott, Senior Fellow, Institute for Critical Infrastructure Technology.
To give yourself extra confidence, you can check whether your email or username is present in known leaks using the more well-known breach notification companies like “Have I Been Pwned” although do bear in mind that not every new breach is immediately added to a breach notification service. It has been suggested finally, the best way forward would be to show corrective measures before it is too late, since there is no way of considering any user or service to be safe with a breach of this magnitude
The infostealer malware epidemic
The problem that leads to this mega breach is a prevalent virus called infostealer malware, and it is malicious software that acquires username of devices, passwords, and other user-specific data without any user intervention. Such malware attacks are unending, whether on individuals or organisations. When the stolen data is obtained, it is combined into large databases which might be sold or leaked on the internet giving rise to a loop of hacking accounts, phishing, ID theft, and monetary fraud.
Researchers caution us that this is not a one-time incident. The datasets with billions of credentials are created almost every few weeks and it demonstrates the long-lasting and widespread nature of these attacks.
Dhiraj Gupta, Co-Founder and CTO, mFilterIt says “When credentials and personal details are leaked at this scale, it’s not just about hacked accounts—it’s about how easily trust can be exploited. Most people reuse passwords or follow simple patterns, making it easier for attackers to break into multiple accounts. And when personal data is part of the leak, phishing scams become frighteningly believable. A fraudster who knows your name, number, or past transactions can sound just like your bank or your favourite app. That’s when people let their guard down.
We all need to shift gears—users should stop reusing passwords, enable two-factor authentication, and pause before sharing any personal information over calls or emails. But this isn't just a user problem. Brands and platforms must step up too—with better monitoring, authentication protocols, and user awareness. The responsibility to protect users doesn’t end at the login screen.”
Hackers vs. Cybersecurity
According to Ted Schlein, on LinkedIn in data breach discussions, the Venture Capitalist shared, “There are only two types of companies in the world: those that have been breached and know it and those that have been breached and don’t know it.”
This intrusion stresses a very bleak realisation. No business, not even the largest and most secured, can guarantee its safety against data hacking. Cybersecurity is an ongoing war on hackers and defenders. Under pressure, criminals are changing their ways and often rely on artificial intelligence to circumvent those fortifications. Artificial intelligence has become an AI that is applied by the attacker as well as the defender: attackers utilise it to automate the process of hacking and creating advanced phishing schemes, whereas cybersecurity experts turn it into an advantage for locating threats and reacting upon them with unprecedented speed.
When the number of credentials exposed in a single data breach is 16 billion, the implication in the real world is devastating, not to mention multi-dimensional. Now hackers are able to gain access to your email, bank and social media accounts so that your personal and financial data are under imminent threat. Stolen information may contribute to identity theft whereby the criminal is able to masquerade as you and initiate fraudulent accounts, or engage in one form of fraud or the other in your name.
The fact that there is simply too much leaked personal information is another advantage that the scammers have to create highly personalised phishing attacks, which makes the operations much more believable and difficult to identify. Finally, they may lead to unauthorised transactions, empty bank accounts, and even ruined credit that would not be repaired any easier than what the victims have lost money.
How can you protect yourself?
Ginni Rometty, Former CEO, IBM says “Cybercrime is the single biggest threat to every company on earth.” on LinkedIn in cybersecurity industry posts. Even when you are confident in the companies you use, your information is still not entirely safe in the modern world characterised by mega breaches. To defend yourself, the first step is also the easiest, as you should reset your passwords right here and now and employ distinct, complex passwords on each and every account and never reuse them among services; a password manager will assist you to both create and safely store them.
Turn on multi-factor authentication (MFA) where available, in particular on sensitive accounts, such as email, banking, and social media and prefer authenticator applications or hardware keys, rather than SMS as a second authentication factor. Log into your banks, credit cards, and online accounts regularly and be aware of unusual activity on the accounts, and you may consider subscribing to identity monitoring services, which will alert you when some of your information shows up on the dark web.
One should be cautious of phishing and social engineering, avoiding unfamiliar links or attachments and never disclose personal data until the sender is confirmed. Routinely install new operating system, app and antivirus updates on your devices, and eliminate unneeded applications to limit the number of vulnerabilities. To prevent the accumulation of sensitive data that you save on the web, do not save credit card numbers unless, without exception, it is required in order to save them.
Delete accounts that you are not using and are not going to be used. Last but not least, when you think your data is stolen, you should put a fraud alert with a credit bureau or think of freezing your credit to avoid new openings of accounts under your name fraudulently. These are some of the proactive measures that can leave your risk significantly low, despite not being able to control the breaches.
Future outlook
This is a classical example of how data security is never guaranteed, as the process is an ongoing attack-defense game. Hackers have become more intelligent and automatised and you need to do likewise. However, you can easily cut the risk significantly by following good password hygiene, enabling multi-factor authentication, and by being alert, even when the largest companies in the world succumb, you can still mitigate your risk.
Be active, be aware and do not react when a breach happens. The security of your online life depends upon you.
Read Molre:
AI Cybersecurity: Getting the sea-legs, are we?
Cybersecurity at risk amid Indo-Pak conflict : Why this crisis demands digital vigilance
Cybersecurity and AI: Shaping India’s digital future
AI and Quantum Computing in Cybersecurity: What It Means for You