16 billion passwords from Apple, Facebook, Google and more leaked. Why has no one heard of it?

The leak exposed 16 billion login credentials and passwords, according to researchers.

Isabel Keane
in New York
Wednesday 25 June 2025 11:47 BST

Sixteen billion passwords to Apple, Facebook, Google, and other social media accounts, as well as government services, were leaked in what researchers are calling the largest data breach ever, according to reports.

The leak exposed 16 billion login credentials and passwords, prompting Google to tell billions of users to change their passwords and the FBI to warn Americans against opening suspicious links in SMS messages, according to a report published Thursday in Forbes.

Researchers at Cybernews, who have been investigating the leak, found “30 exposed datasets containing from tens of millions to over 3.5 billion records each.”

All but one of these datasets had not previously been reported as exposed, so the data impacted is all considered new.

“This is not just a leak – it’s a blueprint for mass exploitation,” the researchers said. And they are right. These credentials are ground zero for phishing attacks and account takeover. “These aren’t just old breaches being recycled,” they warned, “this is fresh, weaponizable intelligence at scale.”

Sixteen billion passwords to Apple, Facebook, Google and other accounts were leaked in what researchers have called the largest data breach ever. (Alamy/PA)

Most of that intelligence was in the format of a URL, followed by logins and passwords. That information then allowed access to “pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services.”

While the exposure is worrisome, the researchers found that the datasets were exposed only very briefly: long enough for them to be discovered, but not long enough for researchers to figure out who was controlling the data.

Researchers have determined the leak is the work of multiple infostealers, but it’s impossible to tell how many people or accounts were exposed, according to Cybernews.

The experts urge people to invest in password management solutions, not to share their passwords, and to stay alert in the event their passwords are compromised.
