A staggering 16 billion credentials have surfaced online in what experts are calling the largest public leak of stolen passwords to date, spotlighting the rapid rise of info-stealing malware and the industrialization of cybercrime.
The leak, first reported by Cybernews, compiles data from 30 separate breaches over the past six months. Though many entries are likely duplicates—due to the common practice of password reuse—the volume underscores a grim truth: credential theft has become a booming underground economy.
Kaspersky telemetry confirms the trend, revealing a 21% rise in password stealer detections globally between 2023 and 2024. These infostealers silently infiltrate devices to harvest credentials, cookies, and tokens, which are then bundled into log files and circulated on the dark web or even on public platforms.
“This leak reflects a cybercrime market that has matured into a full-fledged supply chain,” said Dmitry Galov of Kaspersky’s Global Research and Analysis Team. “Credentials aren’t just stolen—they’re collected, enriched, and resold, sometimes repeatedly.”
While the newly uncovered logs were not previously disclosed, analysts stress this doesn’t mean the data is entirely new. Many credentials may have leaked before through other channels, making it difficult to assess the number of unique accounts affected. Nonetheless, the temporary public availability of such a vast dataset raises serious concerns.
Kaspersky’s Alexandra Fedosimova calls the breach “almost surreal,” noting the exposed data rivals twice the global population.
Security experts urge immediate digital hygiene. “Update passwords, enable two-factor authentication, and use a reliable password manager,” advises Kaspersky’s Anna Larkina. “And stay alert—these leaked details can fuel phishing, fraud, and identity theft.”
In the ever-expanding battlefield of cyber threats, this breach is a wake-up call for individuals and enterprises alike: credential security can no longer be an afterthought.
