Overview
- Approximately 16 billion unique passwords were exposed, making this one of the largest credential breaches on record.
- The data was harvested by Infostealer malware that covertly captured usernames and passwords from users’ devices.
- Compromised entries span email, social media platforms such as Google and Facebook, developer services and several government portals.
- Stolen credentials were organized with site URLs, usernames and passwords to streamline sale and misuse online.
- Experts advise users to change all passwords, enable two-factor authentication, adopt password managers or passkeys and use tools like Have I Been Pwned and Google’s Password Checkup to verify account safety.