Overview

• Approximately 16 billion unique passwords were exposed, making this one of the largest credential breaches on record.
• The data was harvested by Infostealer malware that covertly captured usernames and passwords from users’ devices.
• Compromised entries span email, social media platforms such as Google and Facebook, developer services and several government portals.
• Stolen credentials were organized with site URLs, usernames and passwords to streamline sale and misuse online.
• Experts advise users to change all passwords, enable two-factor authentication, adopt password managers or passkeys and use tools like Have I Been Pwned and Google’s Password Checkup to verify account safety.