Cybersecurity experts have uncovered a staggering 16 billion login credentials floating around online. And while this isn’t the result of a fresh data breach, it’s a wake-up call for anyone who’s ever saved a password in their browser and forgotten about it.
Researchers at Cybernews came across 30 separate datasets filled with usernames and passwords, most of them stolen using something called “infostealer” malware.
These malicious tools quietly dig into your device and harvest your saved logins, credit card details, and browsing history. They don’t hack the big companies directly. Instead, they pickpocket your personal data when you’re not looking.
If you reuse the same password across your email, social media, or online banking, one stolen login could open the floodgates.
What’s actually happened?
Here’s the lowdown:
The data was scraped from infostealer logs and past breaches, not from new hacks.
Around 85% of it came from malware installed on people’s own devices.
The information was publicly exposed for a brief window before being taken offline, long enough to be a goldmine for cybercriminals.
As cybersecurity expert Peter Mackenzie put it: “There is no new threat here, but it shows how much sensitive information is still floating around. If you haven’t changed your passwords or enabled multifactor authentication, now’s the time.”
What should you do now?
If you’re feeling unsure about your online safety, there are a few simple steps you can take right now to protect yourself:
Change your passwords, especially if you’ve reused them across accounts
Turn on multi-factor authentication (MFA) wherever you can. It adds an extra layer of protection
Use a password manager to store strong, unique passwords for each site
Check if your info has already been compromised using HaveIBeenPwned.com
And if you want to go a step further, we’ve put together a handy guide to walk you through exactly what to do after a data breach.
Why this matters
Cybersecurity researcher Bob Diachenko, who led the discovery, called the size of this leak “enormous.” And he’s not exaggerating. Every one of those 16 billion logins is a potential entry point for scammers and identity thieves.
It’s a reminder of just how vulnerable personal data can be, and why now’s a great time for a bit of password housekeeping.
Don’t wait for a major breach to make a change. Be proactive. Because staying secure online doesn’t need to be complicated. It just needs to be done.
Don’t miss a thing with Join the Claim
Join the Claim keeps you updated on the latest consumer justice stories, breaking them down in plain English. Whether it’s a court ruling, a new data breach investigation, or the launch of a group action, we’ll keep you informed.
Want the latest claim news delivered straight to your inbox?
Sign up to our newsletter for quick updates, breaking developments, and insider info on what claims are heating up next.
No spam. Just useful updates that could be worth thousands.
