16 billion login credentials stolen from Google, Apple, Facebook in huge data leak - how to find out if you've ever had your information compromised

Social media users and those with online accounts are being urged to change their passwords after the record-breaking theft, which researchers at Cybernews believe was mounted by infostealers.

According to Forbes, Google has contacted its users to prompt them to replace their password and use a secure passkey, and the FBI has issued advice to Americans not to open any suspicious text messages.

Vilius Petkauskas from Cybernews said: “Our team has been closely monitoring the web since the beginning of the year. So far, they’ve discovered 30 exposed datasets containing from tens of millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records.”

Researchers added: “This is not just a leak – it’s a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing. What’s especially concerning is the structure and recency of these datasets – these aren’t just old breaches being recycled. This is fresh, weaponizable intelligence at scale.”

The stolen datasets include login credentials from sites such as Google, Apple, Facebook, as well Telegram, GitHub, and even government services. WHile researchers were worried by the scale of the data leak, they found that the datasets were only exposed for a brief period of time - which was enough time for the leak to be discovered but not enough for researchers to discover who was behind it.

Internet users are being urged to take precautions when it comes to password management, including implementing extra security such as passkeys and multi-factor authentication. Users are also being urged to change their passwords.

How to find out if your online data has been stolen

There are services online that will allow you to see if your password or other credentials have been compromised in data leaks like the one described above.

HaveIBeenPwnd.com is a a free service that allows you to input your email address and you will receive a report on whether your email address and/or login credentials have been compromised in recent or historical data leaks.

The site will tell you exactly how many data breaches, if any, your email has been involved in, as well as the account/site related to each data breach, meaning that you know what website to take action such as changing your password on.