_Paul_Markillie_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![Oakley and Meta Launch Smart Glasses for Athletes With AI, 3K Camera, More [Video]](https://www.iclarified.com/images/news/97665/97665/97665-640.jpg)
![How to Get Your Parents to Buy You a Mac, According to Apple [Video]](https://www.iclarified.com/images/news/97671/97671/97671-640.jpg)
_Frank_Peters_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![How to Create Your Own AI Toolkit with Taylor Radey [MAICON 2025 Speaker Series]](https://www.marketingaiinstitute.com/hubfs/MAICON-Speaker_Series-Taylor.png)
![[The AI Show Episode 154]: AI Answers: The Future of AI Agents at Work, Building an AI Roadmap, Choosing the Right Tools, & Responsible AI Use](https://www.marketingaiinstitute.com/hubfs/ep%20154%20cover.png)
![[The AI Show Episode 153]: OpenAI Releases o3-Pro, Disney Sues Midjourney, Altman: “Gentle Singularity” Is Here, AI and Jobs & News Sites Getting Crushed by AI Search](https://www.marketingaiinstitute.com/hubfs/ep%20153%20cover.png)
![[DEALS] Internxt Cloud Storage Lifetime Subscription (20TB) (89% off) & Other Deals Up To 98% Off – Offers End Soon!](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
.png?#)
Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online
Researchers have uncovered 30 exposed data sets containing over 16 billion login credentials which were likely harvested by infostealers.
When organizations, good or bad, start hoarding collections of login credentials the numbers quickly add up. Take the 184 million logins for social media accounts we reported about recently. Now try to imagine 16 billion!
Researchers at Cybernews have discovered 30 exposed datasets containing from several millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records.
The likely source: information stealers, or infostealers for short. Infostealers are malicious software designed specifically to gather sensitive information from infected devices. These malware variants silently extract credentials stored in browsers, email clients, messaging apps, and even crypto wallets, and send the data to cybercriminals.
The only silver lining here is that all of the datasets were exposed only briefly: long enough for researchers to uncover them, but not long enough to find who was controlling vast amounts of data. And no chance for us to cross-reference the data with our sources to find out more about their origin and age.
But that doesn’t take away from the fact that these credentials are in the hands of cybercriminals who can use them for:
- Account takeovers: Cybercriminals can use stolen credentials to hijack social media, banking, or corporate accounts.
- Identity theft: Personal details enable fraud, loan applications, or impersonation.
- Targeted phishing: Combining leaked data allows cybercriminals to engage in very convincing and personalized scams.
- Ransomware/business email compromise (BEC) attacks: Compromised business credentials facilitate network intrusions or fraudulent wire transfers.
The leak includes credentials for virtually every large online service. Apple, Google, Facebook, Telegram, developer platforms, VPNs, and more.
And the number is so massive it exceeds our imagination. If you printed each credential (16 billion usernames + passwords) on a single line, using standard paper, and stacked the pages, the pile would reach far beyond the edge of the stratosphere (roughly 35 miles).
How to protect against infostealers
There are a few things you can do to limit the dangers of infostealers:
- Use an up-to-date and active anti-malware solution that can detect and remove infostealers.
- Do not reuse passwords across different sites and services. A password manager can be very helpful to create safe passwords and remember them for you.
- Enable two-factor authentication (2FA) for every account you can. 2FA makes it much more difficult for an attacker to access your account with your login credentials. If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of 2FA can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
Check your digital footprint
Data stolen by infostealers is often sold or posted online. If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll give you a free report.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.
