London Daily

Focus on the big picture.
Saturday, Jul 19, 2025

16 Billion Login Credentials Leaked in Unprecedented Cybersecurity Breach

Security researchers confirm freshly stolen passwords from dozens of platforms now circulating online
Security researchers have identified an unprecedented leak encompassing approximately 16 billion user credentials, marking the largest such exposure on record.

The newly discovered databases comprise some 30 distinct datasets, each containing tens of millions to several billion records.

The information is believed to be obtained via infostealer malware campaigns targeting browser-saved credentials, session data, and cookies in real time.

This collection includes login details from major tech platforms—among them Apple, Google, Facebook, GitHub, and Telegram—as well as from VPN services, developer portals, online marketplaces, and government systems.

Each record reportedly combines URL, username or email, and password, enabling direct reuse for phishing or credential-stuffing attacks.

Cybercrime analysts describe the dataset as largely new, rather than recycled from earlier breaches.

The presence of intact login sequences and freshly stolen session tokens is cited as evidence of active malware operations in 2025.

The leak is said to have surfaced across underground forums and marketplaces in plain-text form, elevating its potential for automated exploitation.

Additionally, broader industry analysis during 2024–25 has catalogued over 19 billion leaked passwords across more than 200 breaches, with only around 6 percent being unique.

A staggering 94 percent of the datasets comprised reused or common credentials, with examples such as “123456,” “password,” and “admin” appearing hundreds of millions of times.

The reuse of credentials across accounts enables high-volume automated attacks, commonly referred to as credential stuffing, which carry success rates of up to 2 percent per million attempted logins.

Weak passwords remain prevalent: around 42 percent of entries are only 8–10 characters long, and roughly 27 percent use solely lowercase letters and digits.

The root cause of the leak is ascribed to infostealer malware.

These tools infiltrate endpoints and harvest sensitive credentials before packaging them into standardized databases for distribution in criminal marketplaces.

Analysts warn that the scale and freshness of this leak create a “blueprint for mass exploitation,” with direct applicability to phishing, account takeover, identity theft, and enterprise intrusion campaigns.

Platforms across sectors—financial services, healthcare, social media, government—face heightened risk as attackers deploy automated login attempts using the leaked credentials.

In prior incidents, such as between April 2024 and April 2025, over 3 terabytes of raw leaked data were analysed, revealing the systemic vulnerability posed by credential reuse worldwide.

Research emphasises that even simple dictionary-style passwords enable rapid account breaches when combined with attacker-owned automation systems.

The leak also echoes earlier megabreaches, such as the “RockYou2024” archive containing nearly 10 billion passwords compiled from two decades of incident data.

However, the current 16 billion-credential exposure is distinguished by its proximity in time and volume of nascent threat intelligence.

This situation illustrates the expanding role of malware-based exfiltration in complementing traditional data breach strategies, and paints a picture of rapidly circulating credential data re-entering the attacker economy almost in real time.
Comments

Abe Wine 28 days ago
You spend too much effort excoriating weak passwords. What possible difference does it make when thieves steal the passwords and can use them directly with no effort to decode them?

Newsletter

Related Articles

0:00
0:00
Close
Brazil's Supreme Court Imposes Radical Restrictions on Former President Bolsonaro
Centrist Criticism of von der Leyen Resurfaces as she Survives EU Confidence Vote
Judge Criticizes DOJ Over Secrecy in Dropping Charges Against Gang Leader
Apple Closes $16.5 Billion Tax Dispute With Ireland
Von der Leyen Faces Setback Over €2 Trillion EU Budget Proposal
UK and Germany Collaborate on Global Military Equipment Sales
Trump Plans Over 10% Tariffs on African and Caribbean Nations
Flying Taxi CEO Reclaims Billionaire Status After Stock Surge
Epstein Files Deepen Republican Party Divide
Zuckerberg Faces $8 Billion Privacy Lawsuit From Meta Shareholders
FIFA Pressured to Rethink World Cup Calendar Due to Climate Change
SpaceX Nears $400 Billion Valuation With New Share Sale
Microsoft, US Lab to Use AI for Faster Nuclear Plant Licensing
Trump Walks Back Talk of Firing Fed Chair Jerome Powell
Zelensky Reshuffles Cabinet to Win Support at Home and in Washington
"Can You Hit Moscow?" Trump Asked Zelensky To Make Putin "Feel The Pain"
Irish Tech Worker Detained 100 days by US Authorities for Overstaying Visa
Dimon Warns on Fed Independence as Trump Administration Eyes Powell’s Succession
Church of England Removes 1991 Sexuality Guidelines from Clergy Selection
Superman Franchise Achieves Success with Latest Release
Hungary's Viktor Orban Rejects Agreements on Illegal Migration
Jeff Bezos Considers Purchasing Condé Nast as a Wedding Gift
Ghislaine Maxwell Says She’s Ready to Testify Before Congress on Epstein’s Criminal Empire
Bal des Pompiers: A Celebration of Community and Firefighter Culture in France
FBI Chief Kash Patel Denies Resignation Speculations Amid Epstein List Controversy
Air India Pilot’s Mental Health Records Under Scrutiny
Google Secures Windsurf AI Coding Team in $2.4 Billion Licence Deal
Jamie Dimon Warns Europe Is Losing Global Competitiveness and Flags Market Complacency
South African Police Minister Suspended Amid Organised Crime Allegations
Nvidia CEO Claims Chinese Military Reluctance to Use US AI Technology
Hong Kong Advances Digital Asset Strategy to Address Economic Challenges
Australia Rules Out Pre‑commitment of Troops, Reinforces Defence Posture Amid US‑China Tensions
Martha Wells Says Humanity Still Far from True Artificial Intelligence
Nvidia Becomes World’s First Four‑Trillion‑Dollar Company Amid AI Boom
U.S. Resumes Deportations to Third Countries After Supreme Court Ruling
Excavation Begins at Site of Mass Grave for Children at Former Irish Institution
Iranian President Reportedly Injured During Israeli Strike on Secret Facility
EU Delays Retaliatory Tariffs Amid New U.S. Threats on Imports
Trump Defends Attorney General Pam Bondi Amid Epstein Memo Backlash
Renault Shares Drop as CEO Luca de Meo Announces Departure Amid Reports of Move to Kering
Senior Aides for King Charles and Prince Harry Hold Secret Peace Summit
Anti‑Semitism ‘Normalised’ in Middle‑Class Britain, Says Commission Co‑Chair
King Charles Meets David Beckham at Chelsea Flower Show
If the Department is Really About Justice: Ghislaine Maxwell Should Be Freed Now
NYC Candidate Zohran Mamdani’s ‘Antifada’ Remarks Spark National Debate on Political Language and Economic Policy
President Trump Visits Flood-Ravaged Texas, Praises Community Strength and First Responders
From Mystery to Meltdown, Crisis Within the Trump Administration: Epstein Files Ignite A Deepening Rift at the Highest Levels of Government Reveals Chaos, Leaks, and Growing MAGA Backlash
Trump Slams Putin Over War Death Toll, Teases Major Russia Announcement
Reparations argument crushed
Rainmaker CEO Says Cloud Seeding Paused Before Deadly Texas Floods
×