Billions of Passwords for Google, Apple, and Meta Exposed in Massive Hacks

Two Waves of Password Leaks Target Major Tech Accounts

Barely a week apart, two staggering data breaches hit the internet, putting billions of digital lives at risk. The scale is almost unimaginable: first, more than 16 billion credentials tied to big names like Google, Apple, Meta (the company behind Facebook), and Telegram were leaked online. Researchers say these login details weren’t just trickling out—they were gushing, pooled from at least 30 different exposed datasets found on June 19, 2025. The culprit? Infostealer malware, the sneaky software that quietly harvests sensitive data as people go about their day online.

That wasn’t the end of it. Just four days later, on June 23, security researcher Bob Fowler came across another enormous stash—184 million passwords wide open, without even a weak password to slow down snoops. No logins, no firewalls, just raw data available for the taking. Fowler quickly reported the exposure. The good news: the hosting provider took down the database. The bad news: no one really knows who collected all that information in the first place.

How Hackers Weaponize Leaked Passwords—and What It Means for You

The numbers are jaw-dropping, but what does it mean for everyday users? It starts with something called credential stuffing. If you’re using the same password across different accounts—a surprisingly common habit—cybercriminals can use these leaks to break into your email, bank, work logins, or social accounts in seconds. All they need is this exposed data, a little bit of automation, and they can take over not just one, but several parts of your digital life.

Fowler wanted to be sure he wasn’t looking at fake or outdated info. So he picked people in the leaked database and reached out. They confirmed it: their real passwords and personal details were listed, accurate and exposed. The verification ramps up the urgency. It’s not a drill—it’s as real as it gets.

Experts are especially worried about users storing sensitive documents—think tax forms, legal papers, or medical records—in their email or cloud accounts. A single stolen password could unlock your most private information. And once these leaks hit shady corners of the internet, they’re nearly impossible to put back, traded and sold like collectibles by cybercriminals worldwide.

So what should people do? The advice isn’t glamorous, but it works:

• Create a unique password for each account. Don’t recycle, and don’t make them obvious.
• Turn on two-factor authentication. It’s an extra step, but it thwarts most simple attacks.
• Keep an eye out for suspicious account activity—unexpected password change alerts or login attempts.
• Run reliable security software that scans for infostealer malware on your devices.

The fallout from breaches like these has a long tail. Sometimes, passwords and identities leaked now get used years down the line. Staying vigilant is the only way to keep digital doors locked—no matter how many new hacks make headlines.