Internet users advised to change passwords after 16bn logins exposed

TruthLens AI Suggested Headline:

"Urgent Advisory for Internet Users to Change Passwords Following Exposure of 16 Billion Login Records"

Internet users advised to change passwords after 16bn logins exposed analysis cover image The Guardian 8.9
Image Source: https://i.guim.co.uk/img/media/6a7b8b4e74e67dd34f2a93f775050d0f7e3529b3/574_0_3559_2847/master/3559.jpg?width=1200&height=630&quality=85&auto=format&fit=crop&overlay-align=bottom%2Cleft&overlay-width=100p&overlay-base64=L2ltZy9zdGF0aWMvb3ZlcmxheXMvdGctZGVmYXVsdC5wbmc&enable=upscale&s=94fe69693b58e368bbbbe8a189b47ff8
Original Article Source: https://www.theguardian.com/technology/2025/jun/21/internet-users-advised-to-change-passwords-after-16bn-logins-exposed
View Raw Article Source (External Link)
Raw Article Publish Date:
AI Analysis Average Score: 8.9
These scores (0-10 scale) are generated by Truthlens AI's analysis, assessing the article's objectivity, accuracy, and transparency. Higher scores indicate better alignment with journalistic standards. Hover over chart points for metric details.

TruthLens AI Summary

Recent research has revealed a staggering 16 billion login records potentially exposed to cybercriminals, prompting urgent calls for internet users to change their passwords and enhance their digital security. The findings were published by Cybernews, an online tech publication, which identified 30 datasets containing credentials harvested from malicious software known as 'infostealers' and past data leaks. Although the datasets were only briefly available due to poor storage on remote servers, the scale of the exposure is alarming. Experts indicate that these credentials could provide unauthorized access to popular services such as Facebook, Apple, and Google, although there has been no centralized data breach at these companies. Bob Diachenko, the cybersecurity specialist who conducted the research, emphasized the difficulty in determining the exact number of affected accounts due to overlapping records and stated his intention to contact individuals and organizations whose data was compromised.

The research underscores the critical need for users to regularly update their passwords and adopt robust security measures, such as multifactor authentication and password managers. Diachenko noted that the datasets primarily consisted of data from infostealers, with a smaller portion originating from historical breaches, such as the LinkedIn leak. Cybersecurity experts echoed these sentiments, advising users to be proactive in safeguarding their accounts. They highlighted that while the sheer volume of exposed data is concerning, it is not a new threat, as much of this information may have already been in circulation among cybercriminals. Additionally, users are encouraged to utilize tools like haveibeenpwned.com to check if their email addresses have been compromised. As the threat landscape continues to evolve, it remains essential for individuals to prioritize cybersecurity measures to mitigate potential risks associated with credential theft and online fraud.

TruthLens AI Analysis

You need to be a member to generate the AI analysis for this article.

Log In to Generate Analysis

Not a member yet? Register for free.

Unanalyzed Article Content

Source URL: https://www.theguardian.com/technology/2025/jun/21/internet-users-advised-to-change-passwords-after-16bn-logins-exposed

Internet users have been told to change their passwords and upgrade their digital security after researchers claimed to have revealed the scale of sensitive information – 16bn login records – potentially available to cybercriminals.

Researchers at Cybernews, anonline tech publication, said they had found 30 datasets stuffed with credentials harvested from malicious software known as “infostealers” and leaks.

The researchers said the datasets were exposed “only briefly” but amounted to 16bn login records, with an unspecified number of overlapping records – meaning it is difficult to say definitively how many accounts or people have been exposed.

Cybernews said the credentials could open access to services including Facebook, Apple and Google – although there had been no “centralised data breach” at those companies.

Bob Diachenko, the Ukrainian cybersecurity specialist behind the research, said the datasets had become temporarily available after being poorly stored on remote servers – before being removed again. Diachenko said he was able to download the files and would aim to contact individuals and companies that had been exposed.

“It will take some time of course because it is an enormous amount of data,” he said.

Diachenko said the information he had seen in infostealer logs included login URLs to Apple, Facebook and Google login pages. Apple and Facebook’s parent, Meta, have been contacted for comment.

A Google spokesperson said the data reported by Cybernews did not stem from a Google data breach – and recommended people use tools like Google’s password manager to protect their accounts.

Internet users are also able to check if their email has been compromised in a data breach by using the website haveibeenpwned.com. Cybernews said the information seen in the datasets followed a “clear structure: URL, followed by login details and a password”.

Diachenko said the data appeared to be “85% infostealers” and about 15% from historical data breaches such as a leak suffered by LinkedIn.

Experts said the research underlined the need to update passwords regularly and adopt tough security measures such as multifactor authentication – or combining a password with another form of verification such as a code texted from a phone. Other recommended measures include passkeys, a password-free method championed by Google and Facebook’s owner, Meta.

“While you’d be right to be startled at the huge volume of data exposed in this leak it’s important to note that there is no new threat here: this data will have already likely have been in circulation,” said Peter Mackenzie, the director of incident response and readiness at the cybersecurity firm Sophos.

Mackenzie said the research underlined the scale of data that can be accessed by online criminals.

“What we are understanding is the depth of information available to cybercriminals.”He added: “It is an important reminder to everyone to take proactive steps to update passwords, use a password manager and employ multifactor authentication to avoid credential issues in the future.”

Toby Lewis, the global head of threat analysis at the cybersecurity firm Darktrace, said the data flagged in the research is hard to verify but infostealers – the malware reportedly behind the data theft – are “very much real and in use by bad actors”.

He said: “They don’t access a user’s account but instead scrape information from their browser cookies and metadata. If you’re following good practice of using password managers, turning on two-factor authentication and checking suspicious logins, this isn’t something you should be greatly worried about.”

Cybernews said none of the datasets have been reported previously barring one revealed in May with 184m records. It described the datasets as a “blueprint for mass exploitation” including “account takeover, identity theft, and highly targeted phishing”.

The researchers added: “The only silver lining here is that all of the datasets were exposed only briefly: long enough for researchers to uncover them, but not long enough to find who was controlling vast amounts of data.”

Alan Woodward, a professor of cybersecurity at Surrey University, said the news was a reminder to carry out “password spring cleaning”. He added: “The fact that everything seems to be breached eventually is why there is such a big push for zero trust security measures.”

Back to Home
Source: The Guardian