June 20, 2025, 4:11 pm
One of the largest data leaks in history is currently being discussed online. Allegedly, billions of login credentials are circulating. But how dangerous is the situation really? And which protective measures are particularly worthwhile now?
Reports of 16 billion stolen credentials are causing a stir. According to experts, however, most of this is old, already-known information from earlier data leaks. The security situation remains serious nonetheless, especially for anyone who is careless with their passwords.
Panic over mega data leak: how great is the real danger?
Reports are currently circulating on the internet about an allegedly unprecedented data leak with 16 billion compromised credentials from services such as Apple, Facebook, and Google. Despite this alarming number, the trade magazine “Heise” largely gives the all-clear: most of the data has long been known, and the datasets overlap heavily. The great excitement is therefore misplaced.
Prevention remains crucial: access checks and password changes
Nevertheless, users should remain vigilant. “Heise” advises always checking “whether there may be unusual access to the services they use and, if in doubt, changing passwords.” Another important step: activate multi-factor authentication or, if possible, use the more secure password-free login with passkeys.
Check your own accounts: two tools can help
Whether your own credentials are affected is easy to check. Australian security expert Troy Hunt operates the Have I Been Pwned? database, where users can check whether their email addresses appear in a data leak.
The Identity Leak Checker from the Hasso Plattner Institute (HPI) is also recommended; it likewise draws on an extensive collection of leaks. Even though the two tools overlap, using both services in parallel is worthwhile.
A secure password for every service: non-negotiable
If a query finds a match, the affected password must be replaced immediately with a unique, strong password. Reusing a password across multiple services is considered a high security risk, because attackers could take over several accounts with a single set of credentials.
For secure management, the Federal Office for Information Security (BSI) recommends using a password manager. Those who prefer not to can alternatively work with a so-called password memo, a method that the BSI explains in detail on its website.
Passkeys for password-free login
A promising approach for more security is password-free login via passkey. This involves a cryptographic process with a key pair: a private key on the user’s device and a public key on the service provider’s server. To log in, the device signs a one-time challenge from the server with the private key, and the server checks the signature against the stored public key; the private key never leaves the device.
Passkeys are considered particularly secure: they cannot be guessed, cannot be forgotten, and are resistant to classic phishing attacks. They can be stored on a FIDO2 security key, in the operating system (e.g., Android, iOS, Windows), or in modern password managers that allow cross-platform use.
With material from dpa