Data leak shock: 16 billion access data from top services affected!

Data leak shock: 16 billion access data from top services affected!

On June 20, 2025, a massive data breach involving over 16 billion credentials was discovered. The information contained in this leak includes not only usernames and passwords, but also cookies and session tokens. Affected services include prominent platforms such as Facebook, Google and Apple. While the severity of the incident is causing skepticism among experts, the Interior Ministry has not yet confirmed a leak of this magnitude. It is believed that the data was stolen primarily by Infostealer malware, which collects login credentials from devices.

The databases containing these enormous amounts of access data were usually only accessible for a short time via unsecured servers. These practices make it clear that many affected websites were not recently compromised. Instead, it is likely a compilation of previously leaked data that has been circulating on the Internet for years. Thomas Boele from Check Point Software Technologies suspects that the older data appears in this collection and emphasizes that the danger posed by these leaks should still be taken seriously.

Extent of data leak

The leak affects both large technology companies and critical infrastructure. Over 184 million login credentials from various platforms were also discovered in an unprotected database, stored online without any encryption or authentication. These credentials come from companies such as Google, Microsoft, Apple and also from banks and healthcare services. Significant pressure on organizations to improve their cybersecurity comes from the recurring data breaches that affect not only the tech industry, but also vital sectors.

The importance of the data is also reflected in the number of affected devices, which is over 320 million. The data collected supports a thriving underground economy that includes identity theft as well as fraud and ransomware. Security experts warn about the potential use of the leaks for account takeovers and phishing attacks. Not only does this pose a threat to individuals, but it also raises questions about personal privacy and national security.

Recommendations for users and companies

In view of the current threats, experts and the Ministry of the Interior are calling for passwords to be changed regularly, the use of password managers to be promoted, two-factor authentication to be activated and passwordless logins to be used using the passkeys procedure. Researchers also recommend closely monitoring account activity and contacting customer support if there is any suspicious activity.

The massive data leak highlights the urgency of proactive data management. Industry stakeholders need to strengthen security measures and integrate an awareness of the importance of cybersecurity into business processes and supply chains. Today's challenges in the cyber landscape require a shift in thinking and the creation of a culture of responsibility and vigilance to prevent costly data breaches and maintain trust in brands.

The current situation represents a warning shot for companies that should view their data as a strategic asset. Compliance with security standards and continuous improvement of measures are now more important than ever in order to successfully counter future threats.

In this context, a reputable website explains that this leak is not a new threat, but simply a merged collection of existing data. However, there remains uncertainty about who is behind this massive collection of data and how the information could actually be used.

For more complete information about the details of the data leak and its implications, read here: Vienna.at, Dig.watch and All About Security.