{"id":100266,"date":"2025-06-23T21:53:00","date_gmt":"2025-06-24T05:53:00","guid":{"rendered":"https:\/\/www.trendmicro.com\/internet-safety\/?p=100266"},"modified":"2025-07-17T22:40:58","modified_gmt":"2025-07-18T06:40:58","slug":"largest-password-breach-2025-what-to-do","status":"publish","type":"post","link":"https:\/\/www.trendmicro.com\/internet-safety\/blog\/largest-password-breach-2025-what-to-do\/","title":{"rendered":"One of the Largest Password Breaches in History: What You Need to Know and Do Now\u00a0"},"content":{"rendered":"\n<p>On June 18, 2025, researchers revealed that over\u00a0<strong>16\u202fbillion<\/strong>\u00a0usernames and passwords from major services\u2014like Apple, Google, Facebook, GitHub, Telegram, and government platforms\u2014were exposed in a massive online data leak. This is one of the largest credential leaks ever discovered.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Happened<\/h2>\n\n\n\n<p>Cybersecurity experts from\u00a0<a href=\"https:\/\/cybernews.com\/security\/billions-credentials-exposed-infostealers-data-leak\/\" target=\"_blank\" rel=\"noopener\" title=\"\">Cybernews<\/a>\u00a0found\u00a0<strong>30 separate datasets<\/strong>\u00a0containing between tens of millions to over 3.5\u202fbillion login credentials each. These were not remnants of old breaches but\u00a0<strong>fresh data<\/strong>\u00a0likely gathered via malware that steals credentials from infected devices.<\/p>\n\n\n\n<p>\u201cThis is not just a leak \u2013 it\u2019s a blueprint for mass exploitation,\u201d the researchers said via\u00a0<a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2025\/06\/19\/16-billion-apple-facebook-google-passwords-leaked---change-yours-now\/\" target=\"_blank\" rel=\"noopener\" title=\"\"><em>Forbes<\/em>\u00a0this week<\/a>. \u201cThese aren\u2019t just old breaches being recycled. This is fresh, weaponisable intelligence at scale.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why This Matters<\/h2>\n\n\n\n<p>If your username and password appeared in this leak, criminals could:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Access your online accounts by trying the credentials (credential stuffing)<\/li>\n\n\n\n<li>Send targeted phishing messages to steal more information<\/li>\n\n\n\n<li>Create fake accounts or recover accounts in your name<\/li>\n<\/ul>\n\n\n\n<p>And because many people reuse passwords, the risk can multiply across all your accounts.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Immediate Actions You Can Take<\/h2>\n\n\n\n<style>\n#left-area .entry-content ol>li {\nmargin-left: 1em;\n}\n<\/style>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Change Your Passwords Now<\/strong><br>Start with accounts that use your standard or simple passwords. Choose\u00a0<strong>strong, unique passwords<\/strong>\u00a0for each account.<br><\/li>\n\n\n\n<li><strong>Use a Password Manager<\/strong><br>A password manager helps you create and store unique, hard-to-guess passwords \u2014 so you only need to remember one.<br><\/li>\n\n\n\n<li><strong>Enable Two-Factor or Multi-Factor Authentication (2FA\/MFA)<\/strong><br>Add a second layer of security, such as a text message code, authenticator app, fingerprint, or security key. This helps even if your password is compromised.<br><\/li>\n\n\n\n<li><strong>Consider Using Passkeys<\/strong><br>Passkeys use your phone or fingerprint instead of a password. They resist phishing and are becoming available on services like Gmail and YouTube.\n<ul class=\"wp-block-list\">\n<li>Learn how to set up passkeys for Facebook\u00a0<a href=\"https:\/\/www.facebook.com\/help\/1181045243159511\/?helpref=uf_share\" target=\"_blank\" rel=\"noopener\" title=\"\">here<\/a>.<\/li>\n\n\n\n<li>Learn how to set up passkeys for Apple\u00a0<a href=\"https:\/\/support.apple.com\/en-gb\/guide\/iphone\/iphf538ea8d0\/ios\" target=\"_blank\" rel=\"noopener\" title=\"\">here<\/a>.<\/li>\n\n\n\n<li>Learn how to set up passkeys for Google\u00a0<a href=\"https:\/\/www.google.com\/account\/about\/passkeys\/\" target=\"_blank\" rel=\"noopener\" title=\"\">here<\/a>.<br><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Watch for Suspicious Activity<\/strong><br>Monitor your accounts for unusual sign-ins or password reset emails you didn\u2019t initiate.<br><\/li>\n\n\n\n<li><strong>Beware of Phishing Scams<\/strong><br>Even if your data wasn\u2019t leaked, this incident may be used by criminals. Don\u2019t click unexpected links in texts, emails, or social media. If in doubt, go directly to the website rather than clicking a link.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Why Long-Term Protection Matters<\/h3>\n\n\n\n<p>Large credential leaks like this one happen more often than most people realize\u2014and they don\u2019t stop at passwords. Credentials can be sold on the dark web, used for scams, and leveraged to break into additional accounts.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On June 18, 2025, researchers revealed that over\u00a016\u202fbillion\u00a0usernames and passwords from major services\u2014like Apple, Google, Facebook, GitHub, Telegram, and government platforms\u2014were exposed in a massive online data leak. This is one of the largest credential leaks ever discovered. What Happened Cybersecurity experts from\u00a0Cybernews\u00a0found\u00a030 separate datasets\u00a0containing between tens of millions to over 3.5\u202fbillion login credentials each. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":100267,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","om_disable_all_campaigns":false,"footnotes":""},"categories":[762,3,4],"tags":[97,833,835,837],"class_list":["post-100266","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-adults","category-for-parents","category-for-teachers","tag-cybersecurity","tag-data-breach","tag-password-breach","tag-password-protection","wpautop"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/posts\/100266","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/comments?post=100266"}],"version-history":[{"count":2,"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/posts\/100266\/revisions"}],"predecessor-version":[{"id":100290,"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/posts\/100266\/revisions\/100290"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/media\/100267"}],"wp:attachment":[{"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/media?parent=100266"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/categories?post=100266"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/tags?post=100266"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}