Data breach exposes 16bn logins across platforms: HOW TO CHECK if your details were leaked
A record-breaking data breach has exposed over 16 billion login credentials, impacting users of major platforms including Apple, Google, Facebook, GitHub, Telegram, and others.
Pippa Hudson, standing in for CapeTalk's Lester Kiewit, speaks to Craig Pedersen, Director of The Computer Guy (TCG) Forensics.
According to Cybernews, data from over 30 separate databases was compromised, each containing up to 3.5 billion records, ranging from social media and VPN logins to developer tools and corporate systems.
This breach is one of the largest in history and includes URLs, usernames, and passwords, potentially putting billions of online accounts at risk. Cybercriminals could exploit the leaked data for phishing attacks, identity theft, and other malicious activities.
Platforms affected include:
- Apple (Apple ID)
- Google (Gmail)
- Facebook
- GitHub
- Telegram
- X
- Government and corporate portals
Pedersen explains how this long-anticipated data breach might have occurred.
"This has been coming for some time; there have been indicators. A lot of it lies behind a thing called an info-stealer... a really small application that can be dropped onto somebody's computer by a number of different means, including embedding it within a website. That info-stealer specifically takes all those passwords saved on our internet browser and passes them off to a third party who collects them, and over time, they have amassed 16 billion of these."
- Craig Pedersen, Director - Computer Guy Forensics
"For some time, it's been known and commonly circulated in the industry that using the likes of Google Chrome, Firefox, Edge and saving passwords inside your browser is insecure, and this is the proof of that."
- Craig Pedersen, Director - Computer Guy Forensics
Pedersen explains what can be done with stolen data if it's not protected by two-factor authentication.
"The risks that exist are specifically something we refer to as 'credential smurfing', where threat actors can get hold of this data and mine it for a particular demographic or particular country, especially at Gmail type level, and fire away combinations to see whether or not two-factor authentication is enabled. If it's not enabled, they're going to have access to that mailbox... hundreds and thousands of businesses still use Gmail as their go-to..."
- Craig Pedersen, Director - Computer Guy Forensics
Given the massive scale of the breach, it’s unclear exactly how many accounts are compromised. However, users must act immediately to protect themselves.
How to protect your accounts:
- Enable two-factor authentication: This adds a second layer of security that can block unauthorised logins, even if your password is exposed.
- Check if your data was leaked: Visit 'Have I Been Pwned' to see if your email or credentials are part of the breach.
- Change your passwords: If your data is compromised, update your passwords immediately, especially for sensitive or reused accounts, and do not reuse your passwords.
- Delete unused accounts: This minimises exposure and reduces risk.
- Use a password manager tool rather than saving passwords in your browser: A reliable password manager can help generate and store strong, unique passwords for each of your accounts.