Sixteen billion logins from Apple, Facebook, and more were exposed in the biggest data breach ever

Sixteen billion usernames and passwords belonging to users of platforms like Apple, Facebook and Google have been exposed in what researchers call the biggest data breach ever recorded. Yet, despite its sheer scale, this unprecedented cyber-attack has largely gone unnoticed.

The breach came to light when cybersecurity researchers at Cybernews uncovered 30 massive datasets containing login details for billions of online accounts. The researchers warn that this is not just a routine leak, but a “blueprint for mass exploitation” that could fuel phishing attacks, fraud and account takeovers across the globe.

“This is not just a leak – it’s a blueprint for mass exploitation,” Cybernews said in its statement. “These aren’t old breaches being recycled. This is fresh, weaponisable intelligence at scale.”

Each dataset contains tens of millions, or in some cases billions, of records — making this the largest online data leak ever discovered. The exposed files included URLs, usernames and passwords for services ranging from social media platforms like Facebook, Instagram and Twitter, to corporate services like GitHub and even government websites.

Although the databases were exposed only briefly, researchers said it was long enough for them to spot and review the data. However, it was too short a window to determine precisely who controlled the information or how many people have been impacted. According to Cybernews, the breach appears to be the work of multiple “infostealers” — automated programmes that scrape and collect login data — making it almost impossible to trace the attack back to a single source.

Google has already responded to the threat by advising billions of its users to change their passwords immediately. Meanwhile, the FBI has issued a warning to Americans about links circulated via SMS, advising the public to be wary of phishing attempts that use these freshly exposed credentials.

Most alarmingly, the researchers warned that the data allows access to “pretty much any online service imaginable,” from major platforms like Apple and Facebook to niche services used by businesses and government departments.

Cybersecurity experts have urged people to adopt strong password habits, enable multi-factor authentication and use password management tools. The sheer quantity and quality of the data exposed means that almost every online user is potentially at risk.

While authorities continue to investigate the scale and nature of the breach, one thing is already clear: this is not just another headline about stolen data. This is a pivotal moment in online security, a warning that the internet’s biggest platforms remain vulnerable to unprecedented attacks — and that the responsibility for safeguarding ourselves online has never been more urgent.