Massive Data Breach Hits Billions of Logins Across Google, Facebook and GitHub

A previously unreported data breach has exposed more than 16 billion login credentials, making it one of the largest compilations of stolen personal data ever discovered.

First reported by Cybernews, the trove of data includes credentials for widely used services, including Facebook, Google, Telegram, and GitHub, as well as access to corporate, developer, and government websites.

Researchers from Cybernews said the information likely comes from a mix of infostealer malware logs, credential stuffing databases, and previously repackaged leaks.

“This is not just a leak – it’s a blueprint for mass exploitation,” Cybernews researchers said in a statement. “With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing.”

Google, Facebook parent Meta, and GitHub did not immediately respond to Decrypt’s requests for comment.

An info-stealer is malicious software that secretly collects sensitive data—such as passwords, financial information, and browser activity—and sends it to cybercriminals.

Unlike keyloggers, info-stealers not only capture what a victim types but also scan systems for stored passwords, cookies, autofill data, and other exploitable information.

The researchers identified 30 datasets, each ranging from tens of millions to more than 3.5 billion records. The average dataset contained around 550 million entries.

According to Cybernews, the datasets were briefly exposed online through unsecured cloud storage. While they were quickly taken down, the exposure was enough for the datasets to be collected and analyzed.

The individuals or groups responsible for the leak have not been identified.

In a separate incident, Coinbase disclosed in May that a breach in December affected more than 69,000 customers. That same month, the crypto exchange was targeted by cybercriminals demanding a $20 million Bitcoin ransom for stolen customer data. Instead of complying, Coinbase launched a $20 million bounty to track down the attackers.

“They then tried to extort Coinbase for $20 million to cover this up. We said no,” Coinbase said in a statement at the time.

Experts warn that data breaches pose serious risks to individuals and organizations, particularly those that lack strong cybersecurity practices, such as multi-factor authentication and routine password updates.

“Not all sites force password reset upon breach discovery,” a security expert told Decrypt. “People reuse passwords all the time, or variants of them, making them easy targets.”

The expert, speaking on condition of anonymity, noted that the latest leak will most severely impact smaller websites and individual users with limited cybersecurity resources.

A Preventable Breach?

While the scale of the breach is alarming, the root cause isn’t new or particularly sophisticated, and could have limited impact on those using two-factor authentication, password managers, and passkeys as essential defenses.

“Normal users will be impacted,” the expert said. “Users with 2FA will be fine.”

Multi-factor authentication in the form of mobile apps like Google Authenticator and Microsoft Authenticator adds a critical layer of security by requiring users to verify their identity through an additional method, such as a text message code, app notification, face ID, or fingerprint.

Passkeys, a newer alternative to traditional passwords, eliminate the need for login credentials entirely by using cryptographic keys stored on a user’s device. Passkeys are “origin-bound,” meaning they only work with the specific website or service for which they were created.

Passkeys are considered more secure and less vulnerable to phishing attacks, and are being adopted by industry giants such as Google, Amazon, Apple, and Microsoft.

Edited by Sebastian Sinclair