Data Breach Exposes 16 Billion Login Records for Online Services

By  |  June 20, 2025
 | 

Thirty databases containing a total of 16 billion login records for a variety of online services were reportedly briefly exposed.

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    Cybernews reported Wednesday (June 18) that the databases were accessible long enough for its researchers to discover them.

    The data is recent, not recycled from earlier breaches, and may contain overlapping information, according to the report. Only one of the datasets was previously reported.

    The online services for which the login records were exposed include social media, corporate and government platforms; virtual private networks (VPNs); developer portals; locked files; and other resources, the report said. The login records include URLs, login details and passwords.

    The data was most likely gathered by infostealers, a form of malicious software that steals sensitive information, per the report.

    “This is not just a leak — it’s a blueprint for mass exploitation,” the Cybernews researchers said in the report. “With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft and highly targeted phishing.”

    The report suggested that ways to defend against these data breaches include employing a password generator to create strong passwords, updating passwords regularly, enabling two-factor authentication, monitoring accounts, contacting customer support if suspicious activity is detected, and reviewing systems for infostealers.

    “The inclusion of both old and recent infostealer logs — often with tokens, cookies and metadata — makes this data particularly dangerous for organizations lacking multi-factor authentication or credential hygiene practices,” Cybernews researchers said in the report.

    PYMNTS reported in September that while businesses have traditionally focused on internal cybersecurity measures, today’s interconnected digital ecosystem demands a more holistic approach.

    Because data breaches increasingly result from critical infrastructure providers being targeted by bad actors, and because third-party vendors, cloud-based services and intricate supply chains play key roles in companies’ day-to-day operations, there are more entry points that threat actors can exploit.

    Protecting data is no longer just a matter of internal IT security; it requires a broad, collective effort among businesses, service providers and vendors.

    The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) said in April that reported cyber and scam-related losses reached $16.6 billion in 2024, up 33% from the previous year.


    Recommended

    Data Breach Exposes 16 Billion Login Records for Online Services

    SoftBank Seeks Support for Proposed $1 Trillion Complex to Build Robots and AI

    BBC

    Perplexity Rejects BBC’s Legal Claims Over AI-Driven News Content Reuse

    Stablecoins Become Retail Battleground for Walmart and Amazon

    See More In: , , , , , , , , , , , , ,