Imagine your phone vibrates, and you see it’s not a social media notification, it’s a warning that your online presence is at risk. Your logins, your passwords, everything is leaked. This is not a fiction or a dramatic scene. This is exactly what is going on today. The news of the password leak was originally published on June 18, 2025, and then updated with comments by the founders of Keeper Security. Over 16 billion. The affected users were mostly linked with Apple, Google, Facebook, and Telegram. This is not an ordinary data breach; it’s a wake-up call for the whole digital world.
What Happened and How Gigantic Is This?
The datasets that are exposed differ widely. Almost 30 datasets have been identified, each of which contains between 3 million to 3.5 million records. So, altogether, there are almost 16 billion credentials that are now available on the dark web. These credentials include emails, names, addresses, and most importantly, passwords.
This incident wasn’t your everyday hackers trying to guess their luck, this was a result of relentless planned attacks by an infostealer. The most alarming thing here is that most of these leaked passwords have never been seen before. All the data was fresh, no old or reused passwords.
Password leaks are not stopping. We are hearing news of data leaks almost every few days. Is this a normal thing? Should we care about it? Why do we think that we do not have any important information on the internet? Think about it again, your emails, home address, bank details, digital cards, pictures, and everything that you want to keep personal. Still, the majority of us don’t think twice about this.
Major Leaks in the Past
Here are a few previous data leaks.
| Leak Name & Date | Scale & Data Type | Why It Matters |
| RockYou2021 (Feb 2023) | 8.4 billion unique passwords | The number of data leaks is bigger than the world’s internet population, used to fuel credential‑stuffing attacks |
| RockYou2024 (Jul 2024) | ~10 billion plaintext passwords | This leak included 1.5 billion new entries. This was a goldmine for hackers. |
| Dark Web Alert (May 11, 2025) | 2.9 billion unique passwords & 14 million credit cards | Passwords leaked increased by up to 43% in a year. The targeted accounts consisted of the U.S. |
| COMB Leak (May 2025) | 3.2 billion unique email/password pairs | It affects up to 70% of the global internet users, dubbed as “mother of all breaches”. It was the compilation of multiple past leaks. |
What’s Happening in 2025?
Besides the mentioned attacks, in 2025, we have noticed many cyberattacks. This includes:
1. Password Spraying campaigns
Recently, Microsoft has reported that attackers try common passwords (like spring2025!) across tens of thousands of accounts of Microsoft EntraID, Outlook, OneDrive, etc, due to which over 80,000 accounts were targeted in concentrated bursts.
2. Infostealer malware
The infostealers have malware that is designed to snatch sensitive data. These malware attacks have expanded by 266% this year. Consequently, a massive breach of login details, 2-factor Authentication tokens, financial information, and browser cookies took place.
3. Password leak
In early May, 19 billion passwords were found on the dark web. Most of them were old but active, which indicates that the reuse of common and leaked passwords makes users more vulnerable to cyberattacks.
4. 16 Billion Leak
As if that was not enough, June brought the biggest leak yet, about 16 billion fresh credentials are on the dark web. This was not old data, and most importantly, it affected the users of high-valued companies like Apple, Facebook, Google, Telegram etc.
What the Experts Are Saying?
Red flags have been raised by the security professionals. Darren Guccione, CEO of Keeper Security, said that “how easy it is to expose sensitive data online unintentionally.” Surprisingly, the reason isn’t always hacking or compromised passwords. Sometimes, it’s due to misconfigured server settings and corruption that leads to such violations. What worries him the most? These leaked credentials come from the platforms that we use in our daily life, and these accounts are highly valued. This makes the situation far more serious.
Consider all your passwords and personal information currently uploaded to the cloud. Now imagine how much of it is not secure because of the wrong configuration. In case security experts locate it, they can report it and rescue the day. But what happens when a hacker gets it first? You can probably imagine that catastrophe. This is the reason users should start using password managers to store and create unique, strong passwords, along with dark web monitoring tools. These tools can alert you if your passwords are compromised. The organizations should also abide by it.
Guccione said that a zero-trust policy should be executed. It means no one should be allowed to access sensitive information without being verified. In short:
- Verify access
- Monitor every login
- Protect your data as it matters, because it does.
What You Should Do in a Data Breach Situation
This is what you can do to lock down your accounts and keep yourself safe:
1. Change your Passwords
Begin with your email, social, bank, and shopping accounts. Change that immediately( in case you are using the same password in several locations) to make them lengthy, unique, and difficult to guess. So using names or birthdays anymore.
2. Abandoning to Reuse of Passwords
We are aware that remembering different passwords is a headache. However, using the same one on different locations is like using the same key to your home, vehicle, and workplace. A single breach opens all the doors and leaves you exposed.
3. Password Manager
Password managers can save your life. They generate high-octane passwords, store them securely, and can impetuously fill them, when you need to log in.
4. Two-Factor Authentication (2FA)
It’s like having highly trained bouncers standing at the gate of your house and then the door too. Suppose a person steals your password, despite that, he will not be able to log in because he will need an additional code that would be sent to your phone or generated with the help of an app.
5. Set up PIN codes (Passkeys)
A new way to log in called passkeys, a super safe, password-free system of logging in with features like Face ID or fingerprint, is being promoted by Google and Apple, so when a website offers you the chance to upgrade your password to a passkey, jump on it.
Cybersecurity Is Not an IT Issue
What is one big lesson we can learn from this mess? Security depends less on tools and more on how we use them. According to Javvad Malik, a security awareness expert at KnowBe4, this is what he simply states:
“It is not only handled by the organization, but the users must also be cautious and aware. Use good, distinctive passwords and multi-factor authentication where available.”
Everyone should play their role in this matter. Business organisations must secure their network, and we, the users, must stop making it convenient for hackers to attack our accounts and steal information.
News Writer