If you’ve ever used the internet (and let’s face it, who hasn’t?), you’ll want to sit down for this one.

In what’s being dubbed the ‘mother of all data breaches’, cybersecurity experts have uncovered a jaw-dropping leak: more than 16 billion individual records—including passwords for Apple, Google, Facebook, government accounts, and more—have been exposed.

Yes, you read that right: 16 billion. That’s more than twice the population of the entire planet!

What’s the Story Behind the Breach?

Cybersecurity researchers at Cybernews stumbled upon a massive collection of 30 databases, each packed with sensitive information.

Some databases had cryptic names like ‘logins’ or ‘credentials’, while others gave away their contents more clearly.

More than 16 billion passwords and account records from major platforms and agencies have been exposed in a massive data breach uncovered by cybersecurity researchers. Credit: Pheelings Media / iStock

The records included login details for everything from government accounts to your favourite social media platforms—Apple, Google, Facebook, Telegram, Instagram, Microsoft, Netflix, PayPal, Roblox, Discord, and more.

The researchers believe most of this data was harvested by cybercriminals using ‘infostealer’ malware—nasty programs that sneak onto your device and quietly collect your usernames and passwords.

Some data may have also been gathered by so-called ‘white hat’ hackers (the good guys), but the vast majority appears to be the work of cyber crooks.

​

How Big Is This Breach?

To put it simply: it’s enormous. With over 5.5 billion people using the internet worldwide, the odds are high that at least some of your accounts have been compromised.

One database alone contained 184 million records, including login details for private citizens and government officials from more than 29 countries, including Australia.

In fact, a small sample of 10,000 stolen accounts revealed 220 government email addresses from countries like the US, UK, Australia, Canada, China, India, Israel, and Saudi Arabia.

This isn’t just a privacy issue—it’s a potential national security risk.

​

How Did This Happen?

The exposed data was traced back to a web hosting company called World Host Group.

According to their CEO, Seb de Lemos, a fraudulent user signed up and uploaded the illegal content to their server.

Once the breach was discovered, access to the database was quickly shut down.

But by then, the damage was done—the information had already been exposed to the wider internet, even if only briefly.

​

Why Is This So Dangerous?

This breach is a cybercriminal’s dream come true. With direct access to billions of accounts, hackers can:

• Log in to your accounts and steal personal information
• Launch phishing attacks, using your compromised account to trick your friends and family
• Access sensitive government or business systems
• Commit identity theft or financial fraud

And because the data includes both old and recent information, even accounts you haven’t used in years could be at risk.

​

What Should You Do Now?

Don’t panic—but do act quickly! Here’s what you can do to protect yourself:

Change Your Passwords: Start with your most important accounts—email, banking, Apple, Google, and any government services. Make sure each password is unique and strong (a mix of letters, numbers, and symbols).
Enable Two-Factor Authentication (2FA): This adds an extra layer of security by requiring a code sent to your phone or email whenever you log in.
Check for Unusual Activity: Review your account activity for anything suspicious—logins from strange locations, password reset emails you didn’t request, or messages you didn’t send.
Be Wary of Phishing Scams: If you receive emails or texts asking for personal information, double-check the sender and never click on suspicious links.
Use a Password Manager: These handy tools can generate and store strong, unique passwords for all your accounts, so you don’t have to remember them all.

​

A Wake-Up Call for All of Us

This breach is a stark reminder that no one is immune to cybercrime, not even governments or tech giants. It’s more important than ever to practice good ‘password hygiene’ and stay vigilant online.

If you’re feeling overwhelmed by all this, you’re not alone.

Many of us grew up in a world where a ‘password’ was something you whispered to get into a secret club, not something you needed for every aspect of daily life!

But with a few simple steps, you can dramatically reduce your risk.

Key Takeaways

• Cybersecurity researchers have uncovered a massive data breach exposing more than 16 billion passwords and account records from Apple, Google, Facebook, the government, and many other websites.
• Experts warn that both old and recent login details are included, posing a significant risk, especially for anyone not using two-factor authentication or practising strong password security.
• Australians are among those affected, with government email addresses from over 29 countries, including Australia, found in the exposed data.
• All internet users are urged to immediately change passwords for affected platforms and enable two-factor authentication to better protect their accounts and personal data.

Have you ever received a suspicious email or had your account hacked? Do you have any tips for keeping your online life secure? We’d love to hear your stories and advice—share your experiences in the comments below.

Read more: Your passwords might be compromised—find out why you should be worried now

 

[riskydave]

So what happened to Google, Apple and the like having allegedly infallible security ...??

 

[Observer]

Whipping the bastards would still be too lenient for them.

 

[DiRose]

Yet Government, Banks and every other organisation are pushing harder and harder for us to be digital, it is not safe!!!!!

 

[Observer]

Yet Government, Banks and every other organisation are pushing harder and harder for us to be digital, it is not safe!!!!!

I guess I wouldn't be so much against digital to an extent (though I still want the ability to use cash when I decide), if I knew there was a 100% guarantee that my funds or online assets are not being stolen by a lame brain hacker, and I will be reimbursed by said companies that keep pushing digital.
Hear of too many people who are lax in their own protection and also where companies are only doing a partial refunds.

 

[RobbyNotTheRobot]

And yet the shakers and movers are still forcing digital onto us as good thing, a good trendy thing go digital and be trendy with your fellow trendy friends while having a trendy coffee at a trendy Cafe ordering their trendy coffee with their trendy iphone QR code menus oh we are so modern and trendy how advanced are we while the dinosaurs are clinging to this un-cool thing called cash blah blah brainwashed blah

 

[Furbaby]

I had someone trying to get into my Facebook but lucky I had a a two-factor identification on it as it sent an email to me and asked if I had logged in and said no so they were going to check it out

 

[jsan]

If we think any of our data is safe we are kidding our selves . I try to set up two factor authentication. These are the times we live in and there are pleanty of GRUBS out there trying to steal our information so they can sit on there backsides and live off our money FTHEM

 

[Ross Cameron]

I wonder if, when AI gets into full stride, whether any account will be safe? One thing I do know, cash might be stolen but------------IT CAN!T BE HACKED.

 

[Gerrit H. Schorel-Hlavka]

I have a habit to hoover my mouse pointer above the purported sender identification (on my computer) and often find that the email address then shown is not at all a genuine email address of who allegedly sent the email and so I simply delete the email unread.

 

[7777]

What can be said to a world wide crime that is unstoppable. I wonder what do these cybercriminals need so much money for. Another question, is this the work of normal common people, who were born with natural ability to hack into so many bank accounts, and be totally invinsible. Or is this the work of a person who sits on a super high supreme level within the world of business, holding a big position of power, totally respected by their peers, totally charismatic and totally double faced, cunningly undermining all those below his position. Clearly, this theft by cybercriminals that is conducted on a mega financial scale, is definately not being done to pay for utility costs, cars or holidays. It would seem that so much money is continuously being withdrawn from the public, world wide, to send people into a state of fear and distrust of those who call themselves banks and private financial institutions. What is the motive behind the cybercriminals reason for trying to clean everyones bank account world wide. Is it to become one supreme power with all the wealth in the world. If so, then it appears that there will no longer be a division of financial status, as anyone with large sums of money will be a target for the cybercriminals. So there you have it, it seems like the cybercriminal are trying to create a world of equality, where there are no more rich and wealthy people, and everyone will live a simple life, respect each other for who they are, and not for what they have and own.