India’s national cybersecurity agency, CERT-In, has issued a critical alert after the exposure of a staggering 16 billion login credentials in what experts are calling one of the largest data breaches to date. The breach is believed to be an aggregation of data from over 30 separate incidents, much of it collected through infostealer malware on compromised devices.
The leaked data reportedly includes email addresses, passwords, authentication tokens, and other sensitive login details from widely used platforms such as Apple, Google, Facebook, Telegram, GitHub, and several VPN services. While a portion of the credentials may be outdated, CERT-In has warned that reused or unchanged passwords can still be exploited, making users vulnerable to identity theft, phishing, and unauthorized account access.
In response, CERT-In has advised all internet users to immediately change their passwords, activate multi-factor authentication (MFA) wherever possible, and consider transitioning to passkeys—a more secure, phishing-resistant method of login. The agency also recommends regularly updating software, scanning for malware, and closely monitoring accounts for any unusual activity.
This breach highlights the ongoing risks posed by poor password practices and malware infections, and serves as a reminder that strong digital hygiene is not optional in today’s threat landscape. Individuals and organizations alike are urged to stay vigilant and adopt modern, layered security approaches to protect their online identities and systems.