On June 18, 2025, researchers revealed that over 16 billion usernames and passwords from major services—like Apple, Google, Facebook, GitHub, Telegram, and government platforms—were exposed in a massive online data leak. This is one of the largest credential leaks ever discovered.

What Happened

Cybersecurity experts from Cybernews found 30 separate datasets containing between tens of millions to over 3.5 billion login credentials each. These were not remnants of old breaches but fresh data likely gathered via malware that steals credentials from infected devices.

“This is not just a leak – it’s a blueprint for mass exploitation,” the researchers said via Forbes this week. “These aren’t just old breaches being recycled. This is fresh, weaponisable intelligence at scale.”

Why This Matters

If your username and password appeared in this leak, criminals could:

• Access your online accounts by trying the credentials (credential stuffing)
• Send targeted phishing messages to steal more information
• Create fake accounts or recover accounts in your name

And because many people reuse passwords, the risk can multiply across all your accounts.

Immediate Actions You Can Take

1. Change Your Passwords Now
Start with accounts that use your standard or simple passwords. Choose strong, unique passwords for each account.

2. Use a Password Manager
A password manager helps you create and store unique, hard-to-guess passwords — so you only need to remember one.

3. Enable Two-Factor or Multi-Factor Authentication (2FA/MFA)
Add a second layer of security, such as a text message code, authenticator app, fingerprint, or security key. This helps even if your password is compromised.

4. Consider Using Passkeys
Passkeys use your phone or fingerprint instead of a password. They resist phishing and are becoming available on services like Gmail and YouTube.

• Learn how to set up passkeys for Facebook here.
• Learn how to set up passkeys for Apple here.
• Learn how to set up passkeys for Google here.

5. Watch for Suspicious Activity
Monitor your accounts for unusual sign-ins or password reset emails you didn’t initiate.

6. Beware of Phishing Scams
Even if your data wasn’t leaked, this incident may be used by criminals. Don’t click unexpected links in texts, emails, or social media. If in doubt, go directly to the website rather than clicking a link.

Why Long-Term Protection Matters

Large credential leaks like this one happen more often than most people realize—and they don’t stop at passwords. Credentials can be sold on the dark web, used for scams, and leveraged to break into additional accounts.

Take Your Protection Further with Trend Micro ID Protection

Trend Micro ID Protection offers a comprehensive approach that goes beyond password changes:

• Dark web monitoring to alert you if your data appears for sale
• Social media alerts for unusual login attempts on platforms like Facebook, Google, and Instagram
• A secure password vault to securely store and generate strong, unique passwords
• 24/7 identity-theft support and up to $1 million in identity theft insurance for U.S. users

While changing passwords and enabling MFA are essential, Trend Micro ID Protection helps proactively detect, alert, and resolve identity risks every day.

Try Trend Micro ID Protection for free—start your 7-day trial now and gain ongoing protection across your digital life.