On June 26, 2025, Cybernews revealed a historic data leak involving over 16 billion credentials from more than 750 million infected devices, impacting major services like Google, Microsoft, Apple, and Facebook across 29 countries.

The initial alert about this massive data dump came from cybersecurity researcher Jeremiah Fowler in May 2025, who discovered 184 million records on a publicly accessible Elasticsearch server, later confirmed to be hosted by a fraudulent user.

The leaked records were compiled using infostealer malware, which harvests login credentials from infected devices, and included both old and recent credentials from various platforms and government accounts.

The breach has largely gone unnoticed due to its fragmented nature, as it was not linked to any specific corporate victim and the data had been collected over years from various sources.

This incident highlights significant lapses in cybersecurity practices, reflecting years of accumulated vulnerabilities and the pervasive threat of infostealer malware.

June 2025 has seen a series of significant data breaches across various industries, underscoring the urgent need for organizations to adopt proactive cybersecurity measures.

Experts stress the importance of improving defenses against evolving threats, urging organizations to implement Endpoint Detection and Response tools and enforce robust password management practices.

To better protect against credential theft, businesses are advised to conduct ongoing security training for employees and apply access controls based on risk.

Individuals and organizations are encouraged to adopt better security practices, including changing passwords regularly, using unique passwords for each account, enabling multi-factor authentication, and monitoring account activity.

In related news, Hawaiian Airlines faced operational disruptions from a suspected ransomware cyberattack, although no customer data was confirmed compromised.

Glasgow City Council was also targeted by ransomware, which disabled public services and raised concerns about potential exposure of citizen data.

Additionally, Aflac disclosed a data breach involving the cybercriminal group 'Scattered Spider', which accessed sensitive customer data, including Social Security numbers and health information.