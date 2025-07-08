Cybersecurity experts are urging internet users to take immediate steps to secure their online accounts, after largest-ever data leak exposed more than 16 billion login credentials including from major platforms like Google, Facebook, Apple, and even government services.

Sign up to our NationalWorld Today newsletter Sign up Thank you for signing up! Did you know with an ad-lite subscription to NationalWorld, you get 70% fewer ads while viewing the news that matters to you. Learn More Sorry, there seem to be some issues. Please try again later. Submitting...

The breach, discovered by researchers at Cybernews, is believed to have been carried out using infostealers that harvested login data and other sensitive credentials from multiple platforms. “This is not just a leak – it’s a blueprint for mass exploitation,” Cybernews said in a statement. “With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing.”

In response, email security platform InboxArmy has released a list of “non-negotiable” strategies to help people secure their online data and prevent further breaches. “Breaches don’t vanish; they calcify into downloadable lists that criminals re-weaponize year after year,” the company warned.

Advertisement Hide Ad

Advertisement Hide Ad

Among their top recommendations is enabling multi-factor authentication (MFA). “A second check, phone prompt, or USB key, blocks almost every password-only hack,” said InboxArmy. According to them, 83% of IT leaders at small and mid-size firms now require MFA for staff log-ins.

They also encourage switching to passkeys, which don’t rely on passwords at all. “Passkeys live on your device; there’s no password to steal,” said InboxArmy, citing a May 2025 FIDO survey which found that 69% of users already use at least one.

16 billion login credentials have reportedly been stolen, including ones from sites including Google and Facebook, in a record-breaking data leak. | AFP via Getty Images

Another critical tip is to use a password manager to generate and remember strong passwords. “Random 16-character passwords are painless when software remembers them. Most reuse happens simply because people have to remember,” the company noted.

Importantly, they also advise people to lock down the email inbox that unlocks everything. With email often serving as the gateway to reset passwords for other accounts, InboxArmy warns: “11% of Americans have had an email or social account hijacked. Turn on unusual-sign-in alerts, add backup codes, and sign out stray sessions; if crooks can’t crack your email, they can’t reset the rest of your accounts.”

Advertisement Hide Ad

Advertisement Hide Ad

Google has already begun prompting users to switch to passkeys, and the FBI has urged Americans not to click on suspicious messages, as attackers may be exploiting the leaked data to launch targeted phishing attacks.

To check if your information has been compromised, you can use HaveIBeenPwned.com, a free tool that shows if your email address or login details have appeared in any known data breaches.