16 Billion Leaked Credentials: What Happened, Who Is Affected, and How to Protect Your Accounts

In June 2025, cybersecurity researchers uncovered one of the largest-ever exposed datasets of compromised login credentials — over 16 billion username/password pairs — affecting accounts on platforms such as Google, Apple, Facebook, and many others.

And rest assured: DGLegacy users are NOT impacted by this breach.

What really happened

This was NOT a hack of Apple, Facebook, or Google systems.

Instead, malware called “infostealers” infected thousands of individual computers and mobile devices globally. These malicious programs silently copied saved passwords, cookies, and other login data from browsers and apps.

Cybercriminals then compiled these stolen credentials into massive data dumps—and some of those datasets were accidentally exposed online, where they were discovered by security researchers in June 2025.

In short: The breach came from compromised user devices—not from tech companies’ own servers.

What really happened:

A credential leak, NOT a company hack.

What is infostealer malware?

An “infostealer” is a type of malicious software that:

• Infects your computer or smartphone—often via phishing emails or fake downloads
• Reads saved passwords from browsers like Chrome, Safari, Edge, or Firefox
• Steals cookies that can give access to accounts even without the password
• Sends the stolen data to cybercriminals
• May also log keystrokes or capture screenshots

Infostealers are often undetectable to regular antivirus software and can silently run in the background.

Public statements from companies

Google: A spokesperson clarified that the issue did not stem from a Google-specific breach and encouraged users to adopt passwordless authentication methods, such as passkeys, and to use Google Password Manager, which can alert users if their credentials are compromised.

Meta (Facebook): The company has introduced passkeys for Facebook on mobile devices to enhance security and recommends users enable this feature.

Apple: As of now, there are no direct public statements from Apple regarding this specific breach, but Apple accounts have been listed among those affected in the datasets.

Across the industry, the consensus remains that this breach is not due to any recent vulnerability in the companies’ systems, but rather the result of credential theft from various user devices over time.

Who Is Affected — And Who Is Not?

In other words:

1. If your device was infected, your saved passwords may be exposed.
2. If you reuse passwords, attackers may gain access to more than one account.
3. If you use MFA or passkeys, the risk is significantly lower.

What Should You Do Now? Practical Steps

To protect your online identity and digital legacy, it is important to take the following steps:

• Change passwords on major services, especially if you have reused passwords
• Enable multi-factor authentication (MFA) or passkeys on accounts such as Google, Apple, Facebook, and any financial services
• Deactivate accounts you no longer use to reduce potential exposure
• Check if your credentials have been compromised using services like Have I Been Pwned
• Run malware scans to ensure your devices are not infected with infostealers
• Avoid downloading untrusted files and clicking on phishing emails
• Stay vigilant against phishing and social engineering attempts

How DGLegacy® Supports Your Digital Security

As a leading digital legacy planning and inheritance app, DGLegacy provides features designed to help users stay informed about potential risks to their online accounts and digital assets.

Through its Cyber Breach & Media Monitoring feature, DGLegacy® monitors public breach databases and alerts users if any of their linked email addresses or usernames are detected in exposed datasets. The platform also offers guidance on actions users can take to help secure their accounts when such exposures occur.

The platform is built with zero-trust architecture, end-to-end encryption, and zero-knowledge design, meaning third-party breaches of unrelated services do not provide access to users’ accounts or sensitive information on DGLegacy®.

Key Takeaways

• The breach is not a direct hack of Apple, Facebook, or Google. Instead, it is a massive collection of credentials stolen from user devices through infostealer malware.
• The exposed data poses a significant risk for account takeovers, identity theft, and phishing attacks.
• Users should act immediately to secure their accounts by updating passwords, enabling MFA or passkeys, and maintaining good password hygiene.
• DGLegacy® users remain protected — the platform was not affected, and continues to safeguard your digital legacy with ongoing monitoring and alerts.