Overview

• The breach involves 16 billion login credentials harvested stealthily by infostealer malware from 30 publicly exposed, misconfigured databases.
• Exposed records include usernames, passwords, authentication tokens and metadata linked to platforms such as Apple, Google, Facebook, Telegram, GitHub and multiple VPN providers.
• Cybersecurity experts describe it as the largest credential leak in internet history, citing fresh infostealer logs alongside older password dumps.
• CERT-In issued advisory CTAD-2025-0024 on June 23 to outline critical threats such as credential stuffing, phishing, account takeovers, ransomware and business email compromise.
• The advisory urges individuals to reset passwords and activate multi-factor authentication or passkeys while instructing organizations to audit databases, enforce least-privilege access and encrypt stored credentials.