Apple, Google, and Facebook users at risk: 16 billion login credentials compromised in data breach

Researchers have discovered a collection of over 16 billion login credentials stolen via “infostealer” malware—malicious software that siphons usernames, passwords, session tokens, and financial info from infected devices.

The leak includes logins for major services: Apple, Facebook, Google (including Gmail and YouTube), Netflix, Microsoft, PayPal, GitHub, Telegram, Instagram, and various government-affiliated accounts across 29 countries.

None of the major platforms appear to have been compromised directly. Instead, the credentials were stolen from user devices—and likely aggregated from multiple recent malware infections. Many sources have called the trove one of the largest in history, though some argue much data may comprise duplicates. Still, even a portion of the 16 billion records is staggering.

Given the scale and scope of these passwords and credentials, MPS recommended that you immediately change passwords for the platforms mentioned above and if available, utilise multifactor identification.

To learn more about our cyber security solutions click here