Apple, Google and Facebook Among Services Exposed In Massive Leak of More Than 16 Billion Login Records

A sprawling trove of over 16 billion login credentials tied to platforms like Apple AAPL, Google GOOGL, and Facebook META has surfaced online, marking one of the most extensive exposures of personal data in history, according to cybersecurity researchers tracking infostealer activity.

Cybersecurity researchers have uncovered 30 massive data collections this year alone, each containing tens of millions to over 3.5 billion user credentials, Cybernews reported.

These previously unreported datasets were briefly accessible through misconfigured cloud storage or Elasticsearch instances, giving the researchers just enough time to detect them, though not enough to trace their origin.

The findings paint a troubling picture of how widespread and organized credential leaks have become, with login information originating from malware known as infostealers.

These malicious programs siphon usernames, passwords, and session data from infected machines, usually structured as a combination of a URL, username, and password.

The leaked credentials span a wide range of services from tech giants like Apple, Facebook, and Google, to platforms such as GitHub, Telegram, and various government portals.

Some datasets were explicitly labeled to suggest their source, such as “Telegram” or a reference to the Russian Federation.

Others bore generic names like “logins” or “credentials.”

Researchers say these leaks are not just a case of old data resurfacing.

Get Started

Trade Bitcoin, Ethereum, and More Instantly — No Wallets, No Hassle

Speculate on price movements, claim up to $200 in bonuses, and start with risk-free paper trading with crypto futures on Plus500.

Get Started

Disclosure: 82% of retail CFD accounts lose money

Also Read: Utila Integrates Chorus One For Institutional Staking On Ethereum, Solana

Many of the records appear recent and structured in ways that make them especially useful for cybercriminals looking to run phishing campaigns, hijack accounts, or compromise corporate systems lacking multi-factor authentication.

What's more alarming is the scale: while it's impossible to determine how many unique individuals are affected due to overlapping records, the average dataset uncovered held 550 million records.

One dataset alone contained more than 3.5 billion records, with another 455 million believed to originate from Russian sources.

Although some of these datasets may have been compiled by security researchers monitoring dark web activity, experts believe a significant portion is controlled by threat actors.

Cybercriminals value such databases for their ability to scale up attacks, even a fraction-of-a-percent success rate could impact millions.

The incident underscores a critical weakness in digital security: even if your system is secure, your credentials may already be circulating due to past breaches or infostealer infections. With companies tightening access to search APIs and data channels, datasets like these grow more valuable and dangerous.

Users are advised to practice strong cybersecurity hygiene, using complex, regularly changed passwords and scanning systems for malware, as a frontline defense against these kinds of mass credential exposures.

Read Next: Lion Group Shares Surge 20% After $600M Deal For Hyperliquid Treasury Launch

Image: Shutterstock