06/20/2025
URGENT: It has been reported that an absolutely massive database of personal information has been exposed. The database contains nearly 16 BILLION records. That’s twice as many records as there are people on the planet, and it is the largest exposure in the history of the web. The credentials are not from a single data breach, but from multiple smaller breaches as well as information collected from malware, infobrokers, and previously reported data breaches.
While there is no way at the moment to know which services or who is affected, there are things you can do to help protect yourself.
Your first step should be changing your passwords. There are many philosophies when it comes to good passwords and security, but these are our recommendations. First, do not reuse passwords, and avoid using modifications of a single password. By using unique passwords for every account, you decrease the number of passwords you need to change when a breach of one of your services does happen. If you need help creating a password, there are password generators available on the internet (we’re big fans of dinopass.com, but other services do exist). As an alternative, create a passphrase instead. A passphrase is a collection of memorable words you can use as a password (Ex: VaderPumpkinAvocadoJeep). Replacing some of the characters in your password or passphrase with symbols or numbers will increase the security even further.
Don’t want to mess around with passwords at all? Use a password manager then! McAfee True Key, 1Password, and Dashlane are all good options for password management, but some may require payment. We recommend Google’s password manager, though, because it’s built right into the Chrome browser, is completely free, and has many of the same features that the paid services have. If using Google’s password manager, activate 2 Step Verification (also called MFA or Multi-Factor Authentication) on your Google account to protect your personal password database.
Speaking of 2 Step and MFA, you should activate this security setting on every account that supports it. In this day and age of the internet, this is no longer just an optional recommendation. It is absolutely vital for protecting your accounts. MFA prevents around 90% of cyberattacks. When setting up MFA on your accounts, try to avoid using codes sent over SMS/MMS messages to your phone and instead use an authenticator app. SMS/MMS-based MFA codes are susceptible to another form of cyberattack called a SIM swap attack. Many web services support Time-based One-Time Passwords (TOTP) through an app on your cell phone that generates 6-digit temporary passcodes every 60 seconds. Google Authenticator, Microsoft Authenticator, and Authy are all popular options, and all of them are free to download and use.
These steps will help better secure your accounts, but there is more you can do to help protect yourself. There are many services available that monitor the dark web and alert you when your personal information ends up there. McAfee ID Theft Protection, Experian IdentityWorks, and many other services exist. Nearly all of these services are paid services, but they can inform you of breaches of your information even when the breached service fails to report an event.
Following these recommendations will dramatically increase your security and will harden your accounts against attacks in the future.
More information about the data in this leak can be found here: https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/
This is a colossal breach involving 16 billion exposed credentials — possibly the G.O.A.T. of all data breaches.