News spread early Fridaythat a record-breaking data breach exposed 16 billion passwords to the world,Spain including user credentials for the likes of Facebook, Google, Apple, and tons of other places. Some commentators were quick to call it the largest password leak in history, and in terms of raw records exposed, that’s mostly, technically true. However, these records did notcome from a single breach — or even a new breach. Instead, they came from many smaller ones.
Data breaches are an unfortunate reality in the digital age, and some of the breaches can be quite large. However, not every release of stolen data is the direct result of a recent cybersecurity breach. As Mashable recently reported in our countdown of the top cybersecurity breaches of 2025, hackers will often compile information from multiple prior hacks and combine them into one massive file. This is becoming a trend in the darker corners of the internet. The end result is more of a “greatest hits” rather than a new, noteworthy hack.
Such is the case here. Per Bleeping Computer, the information contained in the 16 billion records was most likely compiled from a host of prior hacks, compiled, and then released as a single set of data. It was likely circulating for some time before being compiled, and likely came from a combination of breaches, hacks, phishing scams, and malware.
This is backed up by a tweetfrom vx-underground, an educational website that specializes in malware and cybersecurity. “Someone took a bunch of existing leaks, threw it all together, and slapped a NEW stick [sic] on it.”
This Tweet is currently unavailable. It might be loading or has been removed.
However, the existence of all this data in one spot is still rather damaging, as cybercriminals now have access to all of this data in a single spot, potentially making it much easier to concoct more effective phishing scams or engage in identity theft.
The largest single-point data breach in history is still Yahoo’s 2016 breach, when hackers stole data about all three billion of the website’s users.
Mashable is live at VidCon 2025:Check out our VidCon coveragewith your favorite content creators now.
With so many records in one spot — even if some of them are legacy data that is no longer relevant — it’s still probably a good idea to take an audit of your online services to make sure you’re protected. A good place to start is Have I Been Pwned, a website dedicated to showing data breaches. Simply go there, enter your email address(es), and the site will show you which credentials have been exposed to the public.
We recommend changing those credentials immediately if you haven’t already, and using a strong password when you do so, as they are more difficult to crack. After that, you’ll want to enable multi-factor authenticationon every account you possibly can, as the added layer helps keep criminals from stealing your life if they obtain your password. That should be the bare minimum, but there are plenty of other steps you can taketo keep yourself safe online as well.
Have a story to share about a scam or security breach that impacted you? Tell us about it. Email [email protected]with the subject line "Safety Net" or use this form.Someone from Mashable will get in touch.
Topics Cybersecurity
11 Tech Products That Were Supposed to Fail... But Didn't
Google Gemini now allows AI
Garmin Fenix 8 vs. Apple Watch Ultra: The Fenix wins big on battery life
Wordle today: The answer and hints for August 29
Best Presidents' Day deal: Save $250 on Peloton Bike
Here are the 5 songs of the summer, according to Spotify
Wayfair Labor Day Sale 2024
A Barbie flip phone is here from HMD
Best Apple iPad Mini deal: Save $100 at Best Buy
Garmin Fenix 8 vs. Apple Watch Ultra: The Fenix wins big on battery life
Collins vs. Jabeur 2025 livestream: Watch Adelaide International for free
NYT mini crossword answers for August 30
Best MasterClass deal: Save 50% off a yearlong MasterClass subscription
iPhone 16 cameras: 3 new rumored features you need to know about
Sinner vs. Shelton 2025 livestream: Watch Australian Open for free
Uber faces $324 million fine for mishandling driver data
I used the Pixel 9 Pro XL in the shower — does the screen work when wet as claimed?
Best Bose deal: Save up to $150 on Bose headphones and speakers
Even Trump's Earth Day message was anti
Best sex toy deal: Save up to 70% on select toys at Lovehoney
Get $70 off Apple Watch SE for Black Friday 2023Japanese Tea, Rockets, and Switchblades: Tom Sachs and David SearcyTrump Disappears up HimselfPeloton Black Friday deal: 24% off Original Peloton BikeFalling in Love with an Empty Man: The Work of José LeonilsonI review cheap gaming laptops for a living. This is the best one under $1,000.Lego Black Friday deal: 50% off Baby Yoda LegoWriting Fiction in the Shadow of JerusalemWhen Jazz Was Dangerous by Nathaniel RichTen Things I Learned from Ursula K. Le GuinStaff Picks: Sinners, Slavery, and ShultsStaff Picks: Vengeance, Evil, and GraceDon’t You Weep: The Bruce Springsteen Cure for Despair by Tom Piazza180+ Black Friday gaming deals 2023: Nintendo Switch, Xbox, and moreWhen Jazz Was Dangerous by Nathaniel RichThe ancestor trend on TikTok, explained.The Questionable History of the FutureKindle Paperwhite Black Friday deal: $20 off Kindle PaperwhiteMartin Luther King's Radical Anticapitalism"What Does Your Husband Think of Your Novel?" Atari 2600: The Atlantis of Game Consoles The 'Bob's Burgers' soundtrack will have 112 songs, which is not enough Fans wave what appear to be Russian flags in support of Trump at CPAC Lana Del Ray calls upon fellow witches to cast spell on Donald Trump MashReads Podcast: George Saunders' 'Lincoln in the Bardo' is a perfect novel Bill Paxton, star of '80s and '90s genre films and TV, dead at 61 Texting on Android will soon get a lot better Just swearing at Trump (probably) won't get you in Twitter timeout LG G6 ushers in a new era of smartphones with huge screens KFC is coming for clean eaters with this hilarious parody SoFi raises $500 million to expand beyond student loans Barack Obama hasn't updated his LinkedIn page and now we're even more depressed The one thing that says everything about Bill Paxton's badass career 7 wearables saving babies' lives around the world Trump's FCC wants to let your cable company sell your data, because who cares about privacy? An exclusive look at Donald Trump's Twitter drafts for Oscar night The most cringe Warren Buffett basically just subtweeted President Donald Trump, shade, shade, shade The best, most savage punchlines from Nick Kroll & John Mulaney Indie Spirit Awards hosting gig Moto G5 and G5 Plus redefine the meaning of budget phones