Overview

• The leak contains roughly 16 billion entries drawn from numerous past and recent breaches rather than a new single intrusion.
• Researchers attribute the compilation to infostealer malware and identify accounts from Apple, Google, Facebook and Telegram among the exposed data.
• Security firms warn the exposed credentials could fuel identity theft, phishing campaigns, account takeovers and ransomware attacks.
• Users are advised to run antivirus scans before changing passwords, enable two-factor authentication and adopt password managers for unique, complex logins.
• Google is promoting passkeys as a phishing-resistant, passwordless login solution while HaveIBeenPwned.com and similar tools enable users to check for exposure.