Massive Data Leak: Hacker Allegedly Selling 16 Billion Login Credentials from Major Tech Giants

Since yesterday, reports of a hacker allegedly selling a staggering 16 billion sets of login credentials have swiftly drawn widespread attention. This massive database purportedly involves accounts linked to major tech giants such as Apple, Microsoft, Google, and Meta, leading some users to mistakenly believe it contains newly compromised data.

However, no major security breaches have recently been reported by these companies. Based on past patterns, it is likely that this database is a compilation of credentials leaked over the past few years, aggregated into a single repository—hence its enormous scale.

The hacker is currently marketing this dataset on Telegram and has shared partial samples. The storage format of these samples suggests a connection to information-stealing malware, which typically harvests credentials and other sensitive data from infected devices.

For instance, if a user has saved hundreds of login credentials in their browser, once infected, such malware can extract this information and transmit it to a server under the hacker’s control. The attacker may then use the stolen credentials to access accounts in search of potential value or further exploitation.

Over the past few years, these aggregated databases have become increasingly common. Many cybercriminals prefer repackaging previously leaked data for resale. Thus, encountering such reports should not cause undue alarm. If your credentials were truly compromised, they would likely have been exploited already, rather than only now being discovered in this latest database.

Of course, the most effective way to safeguard your accounts remains enabling multi-factor authentication (MFA) across all services. Even if a password is exposed, MFA can prevent unauthorized access. Additionally, using unique, randomly generated passwords—rather than reusing the same ones—can help prevent a breach of one account from endangering others.

Related Posts:

• Cyclops Blink malware launches persistent attacks on several popular ASUS routers
• Phishing Campaign Bypasses MFA to Target Meta Business Accounts, Putting Millions at Risk
• China’s Cybersecurity Firms Reveal Alleged NSA (Equation Group) Tactics in University Hack
• Cyberattack on Pacific Islands Forum: Chinese Hackers Suspected