16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now

In what cybersecurity experts are calling the largest credential leak in history, a staggering 16 billion passwords and login credentials from major platforms including Apple, Facebook, Google, GitHub, Telegram, VPN services, and even government resources have been exposed online. This unprecedented breach is not a recycling of old data but fresh, active information gathered primarily through infostealer malware, which automatically collects credentials from infected devices.

Update, June 19, 2025: This story, originally published on June 18, has been updated with comments from the founders of Keeper Security regarding the 16 billion leaked passwords and other login credentials across the major tech vendor landscape.

What You Should Do Now

If you are wondering what to do in light of the 16 billion Apple, Facebook, Google And Other Passwords Leaked — Act Now is the urgent call to action. Here are essential steps to protect yourself:

• Change Your Passwords Immediately: Start with your most critical accounts such as Apple, Google, Facebook, and any financial or government services. Use strong, unique passwords for each account to prevent credential reuse attacks
• Use a Password Manager: Password managers like Bitwarden, 1Password, or Dashlane can generate and securely store complex passwords, reducing the risk of weak or repeated passwords.
• Enable Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring a second verification step, making it harder for attackers to access your accounts even if they have your password.
• Be Wary of Phishing Attempts: Most cyberattacks begin with phishing emails or messages that trick you into revealing credentials or clicking malicious links. Always verify the source before responding or clicking.
• Consider Switching to Passkeys: Passkeys are a modern, more secure alternative to traditional passwords, supported by major tech companies like Apple and Google. They reduce the risk of credential theft through phishing or leaks.

The Wake-Up Call for Everyone

The leak of 16 billion passwords is a stark reminder of the vulnerabilities in our digital lives. It highlights the urgent need to adopt better security habits and technologies. If you have not taken cybersecurity seriously before, now is the time to act decisively to protect your personal and professional information from being compromised

Q. How can I protect myself from the 16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now breach

1. Change Your Passwords Immediately

Start by changing passwords on your most important accounts, such as Apple, Google, Facebook, Instagram, financial services, and government portals. Use strong, unique passwords for every account to prevent attackers from leveraging reused credentials across multiple sites. Avoid common or easily guessable passwords like “123456” or “password”.

2. Use a Password Manager

Managing dozens of unique, complex passwords can be difficult. Password managers like Bitwarden, 1Password, or Dashlane generate and securely store strong passwords for each account, making it easier to maintain good password hygiene. They also help detect compromised passwords and protect against phishing by not autofilling credentials on suspicious sites.

3. Enable Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA)

Activate MFA/2FA on all accounts that support it. This adds an extra layer of security by requiring a second verification step (e.g., a code from an authenticator app or SMS) in addition to your password. Even if your password is leaked, this makes unauthorized access much harder.

4. Be Vigilant Against Phishing Attacks

Cybercriminals use stolen credentials to launch targeted phishing campaigns via email, SMS, social media, or phone calls. Never click on suspicious links, download unknown attachments, or provide personal information unless you are certain of the source’s legitimacy.

5. Consider Switching to Passkeys

Passkeys are a newer, more secure alternative to traditional passwords supported by major platforms like Apple and Google. They eliminate risks related to password theft and phishing by using cryptographic authentication methods.

6. Monitor Your Accounts and Personal Information

Use dark web monitoring services or identity theft protection tools to get alerts if your credentials or personal data appear in leaked databases. This helps you respond quickly to potential misuse.

7. Delete or Secure Inactive Accounts

Unused or forgotten accounts may have weaker security and can be exploited by hackers. Review your online presence and delete or secure any accounts you no longer use.