Overview

• The compilation includes roughly 16 billion credentials drawn from 30 exposed data sets, many believed to originate from infostealer malware.
• Cybersecurity specialists, including Check Point’s Thomas Boele and Germany’s BSI, say the trove is a mix of older leaks rather than evidence of a recent breach.
• Analysts warn overlapping entries prevent precise estimates of how many unique accounts are exposed.
• To mitigate risk, users should replace reused passwords, enable two-factor authentication and consider passkeys or other passwordless login methods.
• The exposed credentials cover a broad array of services, from social networks and email providers to banking and government websites.