Warning issued to all Apple, Facebook and Google users as 16 billion passwords have been leaked

A warning has been issued to Apple, Facebook, and Google users after researchers uncovered what is being dubbed the ‘biggest data breach ever’.

It has been revealed that sixteen billion passwords for accounts on these platforms, as well as other social media services and government accounts, have been leaked.

The researchers at Cybernews, who exposed the leak and are now investigating it, say they found ‘30 exposed datasets containing from tens of millions to over 3.5 billion records each'.

They starkly added: “This is not just a leak – it’s a blueprint for mass exploitation.

“With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing.

The data leak was exposed by researchers on Wednesday June 18 (Getty Stock Image)

“What’s especially concerning is the structure and recency of these datasets – these aren’t just old breaches being recycled. This is fresh, weaponizable intelligence at scale.”

The man behind the discovery, Cybernews contributor Bob Diachenko, explained that while there was ‘no centralized data breach’ at Apple, Facebook, or Google, it doesn’t mean the logins weren’t breached and leaked to the dark web.

“Credentials we’ve seen in infostealer logs contained login URLs to Apple, Facebook, and Google login pages,” he added.

The team are now urging users across the world to immediately change their passwords to protect their data from cybercriminals.

Some of the datasets had generic names such as ‘logins’ and ‘credentials,’ while others helped researchers get a better understanding of what’s inside.

For example, one dataset that had over 60 million records, was named after cloud-based instant messaging platform Telegram.

Users are being warned to change their passwords and take extra steps to keep their data safe (Getty Stock Image)

How did this happen, you might be asking?

Well, the researchers determined that this is the work of multiple different criminals using infostealers.

Infostealers are a form of malicious software created to breach computer systems and steal sensitive information, such as login details.

Cybernews researcher Aras Nazarovas has shared what you should be doing to best protect yourself.

He explained some of the exposed datasets include ‘cookies’ and ‘session tokens’ which ‘makes the mitigation of such exposure more difficult’.

Nazarovas explained: “These cookies can often be used to bypass 2FA methods, and not all services reset these cookies after changing the account password.

“Best bet in this case is to change your passwords, enable 2FA, if it is not yet enabled, closely monitor your accounts, and contact customer support if suspicious activity is detected."

LADbible Group has contacted Google, Facebook and Apple for comment.