16 billion passwords exposed: What you need to do now

It’s not just another data leak — it’s the World Cup of cyber breaches. 

Over 16 billion login credentials have reportedly spilled onto the internet, making this the largest password breach in internet history.

Yes, your passwords might be part of the guest list.

Cybernews and Forbes uncovered the leak on Thursday (June 19), sending shockwaves through cybersecurity circles. 

But a day earlier, on Wednesday (July 18), TechRadar already reported that a researcher found 184 million unique credentials in unsecured database including bank, health, government, and major tech platform. 

It included logins emails, usernames, passwords and more in the unsecured database, as per TechRadar.

“This breach is unprecedented,” Akram Khazi, CEO of Dubai-based RAS Infotech told Gulf News. 

Khazi calls it a massive digital “storm”, with the potential to disrupt everything from personal emails to government systems.

What you should know – and do now:

Q: Why is it a big deal?

What really sets this password breach apart isn’t just its massive size — it’s the freshness and organisation of the stolen data. 

Unlike your typical recycled password dump from a dusty old forum, this breach features newly harvested credentials, many of them gathered by sneaky “infostealer” malware. 

“With such a vast amount of personal data now exposed, cybercriminals effectively have a feast of information at their disposal,” Akram added. 

Khazi said the break-in, the result of infostealer malware, is a blueprint for global exploitation: One password could unlock not just your email, but your bank accounts, cloud files, and work systems.

Q: What do infostealer malware do?

They are digital pickpockets quietly siphoing off usernames and passwords from infected devices, then upload the loot to attacker-run servers.

The result? A hacker’s dream spreadsheet: clean, structured entries listing the source website, email or username, and password.

The data is pulled from at least 30 different datasets, each packing tens of millions to billions of records.

Bottom line: this isn’t just a leak — it’s a password goldmine. And the clock is ticking.

Q: Which sites are affected?

The breach contains usernames and passwords from tech giants like Apple, Google, Facebook, Telegram, GitHub, and even some government websites, as per Cybernews and Forbes.

Q: Who is affected by this breach?

Potentially everyone. 

The breach spans global platforms. It includes data from hundreds of millions of users across various regions. 

If you’ve ever logged into a popular site or app, there’s a real chance your data is in the mix.

Q: Why is this breach especially dangerous?

Security professionals warn that this isn’t “just another leak.” What makes it more threatening is:

“What’s particularly concerning is that this is a recent breach — many affected users may not yet have updated their credentials. A major cybersecurity catastrophe could unfold over the coming months,” warned Khazi.

Q: What are tech companies and governments doing?

Q: What should we do now?

RAS Infotech recommends immediate action:

"This breach highlights the urgency of practicing good password hygiene and staying alert. Cyber resilience begins with each of us," said Khazi.