The largest account password leak in history! Up to 16 billion account passwords leaked, covering Facebook, Google, Telegram.

According to a survey by the cybersecurity research team Cybernews, researchers discovered over 30 leaked datasets in the first half of 2025, with each set containing anywhere from tens of millions to over 3.5 billion records. Most of these datasets were briefly exposed in unencrypted Elasticsearch or cloud object storage, and while there is currently no evidence that hackers have actually gained control, the mere possibility of accessing this data has already shocked the entire cybersecurity community.

After summing up this data, the total reached an astonishing 16 billion account password records, making it the largest unreported data breach in history.

List of the top 20 data breaches (largest single file over 3.5 billion records)

According to the data chart published by Cybernews, the largest record in the top 20 data breaches contains 3.564 billion pieces of data, followed by 2.892 billion and 1.978 billion, etc.

On average, each dataset contains 550 million login credentials, which for hackers not only represent usable accounts but also serve as a starting point for identity impersonation, phishing attacks, and corporate intrusions.

Some of the datasets are named with generic terms like "logins" and "credentials", making it difficult to identify their sources; however, there are also names that reveal connections to specific platforms, such as Telegram, Russian websites, or certain cloud applications, indicating that this data does not originate from a single source but is the result of long-term collection by multiple malicious software (infostealers).

This leak is not a "resend of old data".

The research team emphasizes that this data is not a repetition of old data leaks, but rather a complete and well-structured collection that even includes login URLs, accounts, passwords, cookies, tokens, system metadata, and more. This combination of data can be used by hackers for automated login testing, account takeover, and tailored phishing emails.

This leaked information comes from various platforms, including social media (Facebook, Telegram), cloud storage services (Google Drive, Apple ID), developer platforms (GitHub), and some records even indicate a connection to government website login credentials.

Who should be worried? Almost everyone who is online is on this risk list.

Due to the wide range of information sources and the similar content structure, the research team admitted that it is impossible to accurately estimate how many accounts are unique records, and redundancy cannot be completely eliminated. However, in the face of 16 billion records, even if only 1% successfully leads to account theft, it is enough to affect millions of people.

It is even more noteworthy that certain datasets come from malware known as infostealers. Once users are infected, their login credentials may be sent instantly to hackers' databases. These databases are not only sold but are also often resold and reorganized into larger aggregate files.

New records after MOAB? Global data breaches are entering the "superscale" era.

As early as 2024, Cybernews revealed what was claimed to be the largest data breach in history, the "Mother of All Breaches (MOAB)," with a cumulative record of 26 billion entries. However, this time is different, as this 16 billion account credential data does not come from a single event, but rather from a "real-world attack blueprint" that integrates multiple sources.

Researchers warn that this data is becoming a "fuel source" for phishing attacks, account takeovers, ransomware, and even Business Email Compromise (BEC) activities. If companies do not strengthen two-factor authentication, multi-layered protection, and account behavior monitoring, they are likely to become the next victim.

If you can't stop it, start with defense: users should take these actions immediately.

Although the research team emphasizes that this data has not been publicly available for a long time and it is unclear whether it has been downloaded by hackers, it is still necessary for both general users and enterprises to conduct an immediate cybersecurity check.

Update and strengthen account passwords (using a password manager)

Enable Multi-Factor Authentication (MFA / 2FA)

Check if there are infostealers lurking in the browser and the system.

Avoid entering login information on suspicious websites.

If you have reused passwords across different platforms, you should change them immediately.

This article reports the largest account password leak in history! A total of 16 billion account credentials have been exposed, covering Facebook, Google, and Telegram, first appearing on Chain News ABMedia.