A massive cyber threat has just been discovered, and it could affect millions of people across the world, including in India. On 20 June 2025, cybersecurity experts from the website Cybernews found a huge file on hacker forums and the dark web. This file contained more than 16 billion usernames and passwords. Yes, 16 billion — more than double the world’s population. This is now considered the biggest password leak in history.

What makes this leak even more dangerous is that it is not from one single hack. It is a collection of many old data leaks, all gathered into one mega database. The stolen data includes email IDs, usernames, and passwords from popular services like Google, Facebook, Apple, LinkedIn, and many more. Hackers have also added data collected from "infostealer malware" — a virus that quietly records what you type, steals saved passwords from your browser, and secretly sends them to hackers.

Experts warn that this leak is not just random information. It can be used to commit serious cybercrimes. Hackers can use a trick called "credential stuffing," where they try the same email and password on many different websites. If even one match works, they can break into your bank account, UPI apps like PhonePe or Paytm, email, social media, shopping apps, or streaming accounts like Netflix. They can change your passwords, steal your data, and even scam others using your name.

In India, where many people use the same mobile number or email ID for all their accounts, and often don’t update passwords for years, this leak is a big danger. That’s why experts are calling this database a “blueprint for cybercrime.”

To stay safe, the first step is to scan your phone or computer using trusted antivirus software such as Norton, Quick Heal, Bitdefender, or Microsoft Defender. After that, change your passwords. Use strong passwords that are different for every account. Avoid using names, birthdays, or simple words.

It’s also important to turn on two-factor authentication (2FA). This adds a second layer of safety. Apps like Google Authenticator and Microsoft Authenticator generate a code that changes every 30 seconds, making it harder for hackers to break in. You can also use a password manager like Bitwarden, 1Password, or Google Password Manager to create and safely store your new passwords.

You should also check if your email ID was part of this leak. Visit the website HaveIBeenPwned.com and type your email to find out. If it shows your data was leaked, change your password immediately.

Hackers may also try to fool you with scam messages, pop-ups, or emails claiming that your account is hacked. Don’t click on any unknown links. Always go to the official website by typing the address yourself.

This leak is a serious reminder of how important online safety is today. Protect your accounts, stay alert, and don’t ignore this warning. For more such important updates, keep following ISH News.

Tags

• cyber attack
• data leak
• hacking

Advertisement