16 Billion Passwords Allegedly Leaked Online, Here’s What You Should Do

Some experts argue the leak is not a new data breach, but rather a compilation of previously exposed data compiled into one massive collection.

Subscribe to our FREE Newsletter, or Telegram and WhatsApp channels for the latest stories and updates.

Cybersecurity is becoming more important than ever. We all own devices that carry very sensitive data such as personal information, emails, passwords, private chats, and more.

In what’s being called the biggest password leak ever, cybersecurity experts recently found a stash of over 16 billion stolen login details – including emails, usernames, and passwords – posted online.

But before you panic, here’s what you really need to know and how to protect yourself.

So, what actually happened?

This wasn’t a single hack of a company like Google or Apple. Instead, cybersecurity researchers discovered a massive collection of old and new data gathered from past data breaches, malware attacks, and other illegal sources.

Think of it as a huge digital dump yard where hackers collected login info from many sources, all in one place. The data includes billions of email addresses and passwords – many of which are in plain text, meaning they’re readable and usable by anyone.

Could your password be in there?

There is no definite yes or no, but a maybe. Even if your password was leaked in a past breach years ago, it could still be part of this massive compilation. And if you’ve reused the same password across multiple websites, that puts you at serious risk.

Tech news website Mashable noted that all this data in one spot is could still cause some serious damage, as cybercriminals now have access to all the information in one place, which basically makes things easier for them.

Cybercriminals use tools that let them quickly test these passwords on popular sites like email providers, banks, shopping sites, and social media. This is called credential stuffing – and it works more often than you’d think.

Should you be worried about this leak? Well, when it comes to cybersecurity, you should always be worried.

In this incident however, there’s no need to panic (yet). According to IT news site Bleeping Computer, the information contained in the 16 billion records was most likely compiled from prior hacks and then released as a single set of data.

Backing this up is a tweet from vx-underground, an educational website that specialises in malware and cybersecurity.

No.

Someone took a bunch of existing leaks, threw it all together, and slapped a NEW stick on it. https://t.co/ccUpRXPssv
— vx-underground (@vxunderground) June 19, 2025

It’s important to note that even old passwords can be dangerous if you’re still using them.

What you should do with all your existing online accounts

Now that you know that there was a data leak that could potentially be dangerous, the most important step is to adopt good cybersecurity habits you should already be following.

The first thing you should check is your passwords, and when was the last time you changed them. Use trusted password generators and managers such as 1Password or Norton Password Manager.

If you’re using an Apple iPhone, it has a feature to automatically generate strong passwords and store them in a vault on the device under your Apple account as well. Google’s Chrome browser also offers a strong password generator with a password vault to help keep your passwords in one place.

However, unique passwords won’t guarantee protection if you are hacked, fall for a phishing attack, or install malware.

It’s crucial that you also use two-factor authentication (2FA) along with an authentication app, like Microsoft Authenticator, Google Authenticator, or Authy, to manage your 2FA codes.

These days, social media apps like Facebook, X (formerly Twitter), and TikTok also feature passkeys, a more secure and user-friendly alternative to passwords for logging into accounts. It’s never a bad idea to add more layers of security to protect your data.

Password manager app Dashlane has a handy explanation on passkeys HERE.

Beyond changing your passwords every now and then, here’s one last reminder to never ever share sensitive personal information or passwords with anyone, no matter how much you trust them.

Share your thoughts with us via TRP’s Facebook, Twitter, Instagram, or Threads.

Shahril Bahrom

Shahril Bahrom is a Malaysian digital journalist known for his work with The Rakyat Post and World Of Buzz, covering social issues, technology, pop culture, and viral online trends. His writing combines accessible storytelling with strong awareness of Malaysian internet culture, often focusing on topics that resonate across social media and public discourse. Known for a conversational yet informative style, he specialises in digital-first journalism, human-interest stories, and trend-driven reporting that bridges mainstream news with contemporary online conversations.