Securing Access

Data Leak With 16 Billion Passwords? What Really Lies Behind the Reports

If you're concerned after the data leak, you can use password managers for secure and personalized logins. Photo: Michael Kappeler/dpa

June 20, 2025, 4:11 pm | Read time: 3 minutes

One of the largest data leaks in history is currently being discussed online. Allegedly, billions of login credentials are circulating. But how dangerous is the situation really? And which protective measures are particularly worthwhile now?


Reports of 16 billion stolen login credentials are causing a stir. However, according to experts, this is mostly old, already known information from previous data breaches. The security situation remains serious nonetheless, especially for those who handle their passwords carelessly.

Panic Over Mega Data Leak – How Great Is the Real Danger?

Reports are currently circulating online about an allegedly unprecedented data leak with 16 billion compromised login credentials from services such as Apple, Facebook, or Google. Despite this alarming number, the trade magazine “Heise” largely gives the all-clear: most of it is long-known data, and there are numerous overlaps in the datasets. The great excitement is therefore misplaced.

Prevention Remains Crucial – Access Control and Password Changes

Nevertheless, users should remain vigilant. “Heise” advises always checking “whether there may be unusual access to services they use and, if in doubt, change passwords.” Another important step: activate multi-factor authentication or, if possible, use the more secure password-free login with passkeys.


Check Your Own Accounts – Two Tools Can Help

It is easy to check whether your own login credentials are affected. Australian security expert Troy Hunt operates Have I been pwned?, a database where users can enter their email address to check whether it appears in a data breach.

The Identity Leak Checker from the Hasso Plattner Institute (HPI), which also draws on extensive leaks, is recommended as well. Even though the two tools may overlap, using both services in parallel is worthwhile.

A Secure Password for Every Service – Non-negotiable

If a match is found in a query, the affected password must be immediately replaced with an individual, strong password. Reusing passwords for multiple services is considered a high security risk, as attackers could take over multiple accounts with a single login.

For secure management, the Federal Office for Information Security (BSI) recommends the use of password managers. Those who prefer not to use them can alternatively work with a so-called password memo, a method that the BSI explains in detail on its website.


Passkeys for Password-Free Login

A promising approach for more security is password-free login via passkey. This involves a cryptographic process with a key pair: a private key on the user’s device and a public key on the service provider’s server.

Passkeys are considered particularly secure: They cannot be guessed, cannot be forgotten, and are resistant to classic phishing attacks. They can be stored on a security stick (FIDO2), in the operating system (e.g., Android, iOS, Windows), or in modern password managers that enable cross-platform use.
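The key-pair login described above, as an added example that is not part of the original article: a simplified challenge-response in Node.js, not the full FIDO2/WebAuthn protocol. The function names, the user name and the `.example` origins are assumptions made for this illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Registration: the key pair is created on the user's device.
// Only the public key is sent to the service and stored there.
function register(serverDb, user) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  serverDb.set(user, publicKey);   // all a server-side leak could expose
  return { privateKey };           // never leaves the device
}

// Device: sign the server's challenge together with the origin the browser sees.
function deviceSign(device, challenge, origin) {
  const clientData = Buffer.from(
    JSON.stringify({ challenge: challenge.toString('base64'), origin }));
  const signature = nodeCrypto.sign(null, clientData, device.privateKey);
  return { clientData, signature };
}

// Server: accept only a valid signature over its own fresh challenge and origin.
function serverVerify(serverDb, user, challenge, origin, assertion) {
  const publicKey = serverDb.get(user);
  if (!publicKey) return false;
  const { clientData, signature } = assertion;
  if (!nodeCrypto.verify(null, clientData, publicKey, signature)) return false;
  const signed = JSON.parse(clientData.toString('utf8'));
  return signed.challenge === challenge.toString('base64') &&
         signed.origin === origin;
}

function demo() {
  const SITE = 'https://shop.example';         // constructed sample origins
  const LOOKALIKE = 'https://shop-login.example';
  const serverDb = new Map();
  const device = register(serverDb, 'alice');

  const c1 = nodeCrypto.randomBytes(32);
  const login = deviceSign(device, c1, SITE);
  const c2 = nodeCrypto.randomBytes(32);       // challenge for a later session
  return {
    legit: serverVerify(serverDb, 'alice', c1, SITE, login),
    // An old, captured response does not match a fresh challenge.
    replayed: serverVerify(serverDb, 'alice', c2, SITE, login),
    // A response produced on a look-alike page carries the wrong origin.
    lookalike: serverVerify(serverDb, 'alice', c2, SITE,
                            deviceSign(device, c2, LOOKALIKE)),
  };
}

console.log(demo());
```

The server stores nothing that can be replayed as a login secret, which is why a passkey account has no password to appear in a credential dump.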

With material from dpa

This article is a machine translation of the original German version of TECHBOOK and has been reviewed for accuracy and quality by a native speaker. For feedback, please contact us at info@techbook.de.
