One of the largest data breaches ever seen has recently hit the public, sharing 16 billion brand-new leaked login credentials. While major data breaches of this scale are typically full of billions of previously leaked credentials, today’s megaleak is made of almost entirely previously unreported databases.

Cybernews, the team responsible for IDing and cataloging a significant number of previous major leaks, assembled the datasets making up this most recent 16B leak. Only one dataset in the breach, a 184 million-record batch reported by Wired, had been previously reported. The rest are all new from all over the world, including three distinct batches that held over 1 billion credentials each.

The datasets that make up the 16B breach are largely unconnected and have been uncovered by security researchers since January. The largest batch, sourced from Portuguese-speaking populations, contains 3.5 billion credentials, with other major batches named after Russian logins, Telegram logins, and a host of largely generic names.

Concerningly, it is not yet known who originally owned most of the data batches making up the breach. This means that clear action items to wipe your data from these collections cannot be issued, nor can researchers tell what attacks were being considered for the data.

As with all mega security breaches, the 16B mystery leak serves as a loud reminder to practice clean internet hygiene by choosing secure passwords that are changed semi-regularly. The breach has not yet hit the same notoriety as other, snappier-named breaches like the RockYou2024 breach or the 26-billion-logins MOAB breach, meaning data brokers may not have exploited the logins.

It also means that databases that serve to warn users about their compromised data have not yet been populated with the leaked accounts. Internet browsers like Firefox or Chrome that warn users of compromised credentials or third-party tools like Cybernews’ data leak checker haven’t yet been updated with the newly revealed stolen credentials.

Large collections of stolen credentials like the ones making up this megaleak are often used in major digital offensives like phishing scams or other attacks that scale up well. So ,beyond ensuring your passwords are safe and haven’t gone unchanged in 10+ years, being wary of phishing and other likely scams is also good internet safety that should always be practiced, especially in the wake of cybersecurity events like this one.

Stay On the Cutting Edge: Get the Tom’s Hardware Newsletter Get Tom’s Hardware’s best news and in-depth reviews, straight to your inbox. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

Follow Tom’s Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.