Urgent warning issued to public as 16,000,000,000 passwords are leaked in 'biggest data breach ever'

Wide scale password breaches are considered some of the most dangerous cyberattacks by experts, and if reports are to be believed many of the world's biggest tech companies might just have experienced a major breach that affects over 16,000,000,000 people's passwords online.

There have been a number of notable data breaches in the past that have led companies to urge users to switch up their details, yet rarely have we ever seen an attack on the scale as this claims to be.

One of the most dangerous aspects of this particular breach is the fact that companies like Google and Apple, which provide password storage services, have been hit, so this could potentially have a far greater reach than initial projections could anticipate.

How many passwords have been affected by the breach?

As reported by the Independent, it is estimated that around 16,000,000,000 passwords have been revealed and stolen by the breach, and the data appears to have been sourced from around 30 separate datasets which each individually contain anywhere between 10 million and 3.5 billion passwords.

Information regarding the breach itself comes from researchers at Cybernews, who have stressed the importance of this particular attack and the wide reaching ramifications that we could begin to see as a result.

"This is not just a leak - it's a blueprint for mass exploitation," the researchers have explained. "These aren't just old breaches being recycled, this a fresh, weaponizable intelligence at scale."

According to the researchers, all but one of the 30 exposed datasets have not been previously understood to be exposed, but its unclear whether the information leaked is up to date and 'new', or just old passwords that have not yet been leaked.

Some hacking experts have questioned the veracity of this particular report though, with the infamous group vx-underground offering their perspective in a post on X:

"Someone took a bunch of existing leaks, threw it all together, and slapped a NEW stick[er] on it," the group has alleged, arguing that the report from Cybernews "isn't wrong necessarily. It is in fact a new 'pack' of stolen credentials of data leaks. However, these aren't like, 'new' credentials or a compromise of any of the companies mentioned."

The source from CyberNews isn't wrong necessarily. It is in fact a new "pack" of stolen credentials of data leaks. However, these aren't like, "new" credentials or a compromise of any of the companies mentioned.

tldr new updated package of stolen data and database dumps

— vx-underground (@vxunderground) June 19, 2025

Have any of the affected companies responded to the breach?

Currently it appears as if none of the affected companies have released an official statement regarding the breach, leaving users wondering how they should act following the potentially major security flaw.

Regardless of whether the information that has been exposed is 'new' or not, the FBI and cybersecurity experts have urged people to change their passwords as a precautionary measure and to avoid opening or interacting with any suspicious messages or emails.

Additionally, there is no better time than now to implement additional security measures for your accounts, such as enabling two-factor authentication, switching over to passkeys over passwords (which Microsoft has recommended), and storing your passwords in an 'offline' manner, such as with a simple pen and paper.