Cybernews, a Lithuanian cybersecurity news platform, has reported a staggering leak of 16 billion passwords, potentially compromising access to accounts on Apple, Google, Facebook, and many other platforms. According to cybersecurity experts at Check Point Software Technologies, the breach was likely caused by infostealer malware.
Infostealers are a form of malicious software that users are tricked into installing without realizing it. Once active, an infostealer harvests sensitive data from the infected device. Hackers then use the stolen credentials in “credential stuffing” attacks: automated attempts to use the same username and password across multiple websites to gain unauthorized access.
“If users reuse the same password across sites, hackers can access bank accounts, drain loyalty points from favorite retailers, or even gather addresses and birthdates to steal identities,” warned Robert Falzon from Check Point.
In response, Google has urged its billions of users to switch from traditional passwords to passkeys, which offer a much more secure method of logging in. Meanwhile, the FBI has cautioned the public against clicking links in suspicious SMS messages, warning that stolen credentials are being sold in bulk across the internet.
Experts are sounding the alarm that this may be the beginning of a massive exploitation campaign. The leaked data could grant cybercriminals unprecedented access to personal information, enabling account takeovers, identity theft, and highly targeted phishing attacks.
“We’re seeing huge repositories on the dark web full of usernames, passwords, and authentication data stolen from people worldwide, being traded like commodities,” a Check Point representative noted.
Are all of the leaked credentials new? That remains a subject of debate. Cybernews claims the data is fresh and not recycled from previous breaches, but other experts are skeptical. “It’s very difficult to verify the source,” Check Point says, explaining that hackers often merge old and new data sets to make them appear recent.
The only way to determine how current the data is would be to compare it against known past breaches. As Ignas Valancius, Head of Engineering at NordPass, pointed out: “If hackers get your password for Google, Apple, or Facebook, stealing your money or identity might be easier than taking candy from a three-year-old.”
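The comparison against known past breaches described above can be sketched as follows. This is an added example, not code from Cybernews, Check Point or NordPass; the breach labels, addresses and passwords are constructed sample data, and the function names are hypothetical.

```python
import hashlib
from collections import Counter

# Constructed sample data: no real accounts or breach contents.
KNOWN = {
    "breach-A (constructed)": ["alice@example.com:Summer2019!", "bob@example.com:hunter2"],
    "breach-B (constructed)": ["carol@example.com:pa:ss:word"],
}
DUMP = [
    "Alice@Example.com:Summer2019!",     # recycled, differs only in letter case
    "bob@example.com:hunter2",           # recycled
    "bob@example.com:hunter2",           # duplicate inside the dump itself
    "carol@example.com:pa:ss:word",      # recycled, password contains ':'
    "dave@example.com:N3w-and-unseen",   # in no reference corpus
    "malformed line without separator",  # skipped by the parser
]

def fingerprint(login, password):
    # Hash the normalised pair so corpora are compared without storing plaintext.
    pair = f"{login.strip().lower()}\x00{password}"
    return hashlib.sha256(pair.encode("utf-8")).hexdigest()

def parse(lines):
    # Accept "login:password"; split on the first ':' only.
    for line in lines:
        login, sep, password = line.strip().partition(":")
        if sep and login and password:
            yield fingerprint(login, password)

def freshness_report(dump_lines, known_breaches):
    # Index every known pair by the first reference corpus that contains it.
    index = {}
    for label, lines in known_breaches.items():
        for fp in parse(lines):
            index.setdefault(fp, label)
    seen, total, by_source = set(), 0, Counter()
    for fp in parse(dump_lines):
        total += 1
        if fp in seen:
            continue  # merged data sets often repeat the same record
        seen.add(fp)
        by_source[index.get(fp, "not previously seen")] += 1
    unique, novel = len(seen), by_source["not previously seen"]
    return {
        "records": total, "unique": unique, "duplicates": total - unique,
        "recycled": unique - novel, "novel": novel,
        "novel_ratio": novel / unique if unique else 0.0,
        "by_source": dict(by_source),
    }

if __name__ == "__main__":
    print(freshness_report(DUMP, KNOWN))
```

A high recycled share supports the view that old and new data sets were merged; a pair absent from the reference corpora is only unmatched, not proven recent.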
What Can You Do If You Have Too Many Passwords to Remember?
Many cybersecurity professionals recommend using password managers, which generate strong, unique passwords for each of your accounts and store them in an encrypted vault. However, experts also caution that not all password managers offer the same level of encryption. If a password manager itself is breached, all saved credentials could be compromised.
A growing number of experts now advocate for the adoption of passkeys—a newer, safer form of digital authentication. Passkeys use biometric verification (such as facial recognition or fingerprint scanning) and are considered more secure than traditional passwords. They can’t be guessed, reused, or entered on phishing sites. While not all platforms support passkeys yet, major companies like Apple, Microsoft, Shopify, DocuSign, and PayPal already do.
Source: ManagerPlus.pl