A staggering 16B password have been exposed in what could be one of the largest password leaks to date. According to a detailed investigation by Cybernews, the compromised data includes accounts from major platforms like Apple, Google, Facebook, GitHub, Telegram and even government portals. The breach has raised serious concerns about the safety of digital assets, particularly among crypto users and platforms.
Cybernews researchers analysed over 30 leaked datasets, each containing tens of millions to billions of entries. The total haul amounts to around 16 billion unique credentials, many of which have never been publicly reported before.
This discovery follows a separate and serious data breach at cryptocurrency exchange Coinbase in May, where attackers accessed users’ full names, addresses, ID documents, balances and transaction history, making it easier for malicious actors to conduct identity theft and targeted attacks.
How the Leak Happened?
The exposed data was primarily found on unsecured Elasticsearch databases and misconfigured object storage servers, making them easily accessible to cybercriminals. Most datasets averaged 550 million records, while the smallest still contained over 16 million credentials.
Though the original source of the data remains uncertain, Cybernews suggests some of the datasets may have originated from cybercriminal groups themselves. The scale of the breach and diversity of sources point to years of accumulated infostealer dumps and phishing campaign results, all now conveniently grouped into one massive database.
In addition to basic login credentials, many datasets include sensitive session data such as tokens, cookies and metadata, giving hackers the tools to bypass traditional login methods, especially for users not protected by multifactor authentication (MFA).
Why Crypto Users Should Be Alarmed
The implications for crypto holders are especially severe. Many custodial crypto platforms and wallets are tied to email logins and password authentication, now potentially compromised. With access to a user’s email account, attackers could initiate password resets and gain control of exchange accounts, wallet access, and even DeFi platforms.
Additionally, users who store seed phrases or recovery keys in cloud services could be at risk if those services are part of the breached dataset. A single exposed file or document could grant hackers access to entire crypto portfolios.
Cybernews warns that the crypto space could see a sharp rise in account takeover attempts, social engineering scams, and targeted phishing attacks using the freshly leaked credentials. These are likely to be automated and deployed at scale.
Industry and User Response Urgently Needed
The crypto industry must act swiftly to mitigate the risks. Platforms should audit login activity, enforce password resets where appropriate, and implement stronger default security protocols, including mandatory two-factor authentication.
Individual users are also urged to:
- Immediately update passwords across all major services.
- Avoid password reuse across different platforms.
- Enable 2FA or MFA wherever possible.
- Remove seed phrases and recovery keys from cloud storage or unencrypted digital notes.
- Monitor accounts for unusual activity.
In some cases, exchanges may temporarily freeze withdrawals or request additional verification from users to prevent asset theft.
Wake-Up Call for Crypto Security
This breach isn’t just another data leak, it’s a critical wake-up call for the crypto world. The industry has long emphasised self-custody and digital sovereignty, but security hygiene hasn’t always kept pace. As cybercriminals gain access to deeper, more interconnected datasets, crypto users must harden their defences and adapt to a world where security breaches are inevitable.
