Overview
- Researchers at Cybernews uncovered 16 billion fresh login records across 30 datasets this year.
- Exposed data includes usernames, passwords, session tokens, cookies and login URLs, adding complexity to remediation efforts.
- The breach resulted from infostealer malware compiling stolen credentials from infected devices rather than a central hack at major tech firms.
- The leak could fuel account takeovers, identity theft and highly targeted phishing campaigns across services from social media to government portals.
- Security specialists urge users to change all passwords, enable multi-factor authentication or passkeys, employ password managers and monitor accounts for suspicious activity.