Date: 2025-07-08

16 billion passwords leaked: How to protect yourself as cybersecurity experts warn of repeat attacks
The breach, discovered by researchers at Cybernews, is believed to have been carried out using infostealers that harvested login data and other sensitive credentials from multiple platforms. “This is not just a leak – it’s a blueprint for mass exploitation,” Cybernews said in a statement. “With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing.”
In response, email security platform InboxArmy has released a list of “non-negotiable” strategies to help people secure their online data and prevent further breaches. “Breaches don’t vanish; they calcify into downloadable lists that criminals re-weaponize year after year,” the company warned.
Among their top recommendations is enabling multi-factor authentication (MFA). “A second check, phone prompt, or USB key, blocks almost every password-only hack,” said InboxArmy. According to them, 83% of IT leaders at small and mid-size firms now require MFA for staff log-ins.
They also encourage switching to passkeys, which don’t rely on passwords at all. “Passkeys live on your device; there’s no password to steal,” said InboxArmy, citing a May 2025 FIDO survey which found that 69% of users already use at least one.
Another critical tip is to use a password manager to generate and remember strong passwords. “Random 16-character passwords are painless when software remembers them. Most reuse happens simply because people have to remember,” the company noted.
Importantly, they also advise people to lock down the email inbox that unlocks everything. With email often serving as the gateway to reset passwords for other accounts, InboxArmy warns: “11% of Americans have had an email or social account hijacked. Turn on unusual-sign-in alerts, add backup codes, and sign out stray sessions; if crooks can’t crack your email, they can’t reset the rest of your accounts.”
Google has already begun prompting users to switch to passkeys, and the FBI has urged Americans not to click on suspicious messages, as attackers may be exploiting the leaked data to launch targeted phishing attacks.
To check if your information has been compromised, you can use HaveIBeenPwned.com, a free tool that shows if your email address or login details have appeared in any known data breaches.
