A massive cache of exposed login credentials, totaling a staggering 16 billion records, has been uncovered by cybersecurity researchers, marking what could be the largest data breach in history. The leak spans over 30 separate datasets and includes sensitive information tied to everything from social media to government platforms.

Unlike many past breaches, this data isn’t just a rehash of old leaks. Researchers say it appears structured, recent, and highly exploitable, likely originating from infostealer malware that captures credentials directly from infected devices. “This is not just a leak – it’s a blueprint for mass exploitation,” said Cybernews researchers. “With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials… These aren’t just old breaches being recycled. This is fresh, weaponizable intelligence at scale.”

The datasets, ranging from tens of millions to over 3.5 billion records each, were discovered stored on unsecured Elasticsearch and object storage instances. While the files were only publicly accessible for a short period, researchers were able to document and analyze their contents before they vanished from view.

Some of the data appears to have been compiled from older breaches, credential stuffing lists, and fresh infostealer logs. This means that many records may be duplicated, but the size and structure of the datasets still pose a significant security risk.

“The inclusion of both old and recent infostealer logs – often with tokens, cookies, and metadata – makes this data particularly dangerous for organizations lacking multi-factor authentication or credential hygiene practices,” the research team added.

The contents span login credentials for major platforms like Google, Facebook, Apple, GitHub, Telegram, and more. Although some reports suggested direct breaches of these companies, that isn’t accurate. “There was no centralized data breach at any of these companies,” clarified Bob Diachenko, a researcher who helped uncover the leak. The login records likely reference these domains because users’ saved credentials for those services were collected from infected devices, not taken from the companies’ servers.

Some experts have cautioned against alarmism, noting that while the scale is unprecedented, not all the data may be fresh or unique. “What we’re seeing is not a singular headline‑grabbing breach at a major tech company… This doesn’t pass a sniff test,” said Rob Lee of the SANS Institute, highlighting the need for careful scrutiny before drawing conclusions.

Still, the danger remains real. Cybercriminals can use even a small percentage of valid credentials to launch phishing attacks, account takeovers, and ransomware campaigns. With an estimated two leaked accounts per person on Earth, the potential for misuse is enormous.

To protect themselves, users are urged to change passwords immediately, use a password manager to generate strong, unique logins, and enable multi-factor authentication wherever possible. Organizations should scan systems for malware and enforce stricter credential practices.