Billions of login credentials may have leaked. Here's how you can protect your accounts

Shaki Sutharsan · CBC News

· Posted: Jun 20, 2025 9:26 PM EDT | Last Updated: 7 hours ago

A study that autarkic cybersecurity quality outlet Cybernews published connected Wednesday claimed 16 cardinal login credentials were exposed and compiled into datasets online, giving cybercriminals entree to accounts connected such online platforms arsenic Google, Apple and Facebook.

CBC News was incapable to independently verify the report, but cybersecurity experts accidental the incidental is yet different reminder for radical to regularly alteration their passwords and not usage the aforesaid 1 for aggregate platforms.

"About 3 oregon 4 times a year, instrumentality those passwords that are particularly successful the societal platforms that you use, the places you similar to go, and conscionable alteration those passwords and support them fresh," Enza Alexander, enforcement vice-president of ISA Cybersecurity successful Toronto, said.

"Don't reuse what you utilized before. Use [passwords] that person characters and numbers and that are precise unique."

Alexander acknowledged this tin marque them harder to remember, but cycling passwords connected the antithetic platforms you usage makes it harder for cybercriminals to entree your accounts and find indicators of your identity.

Cybernews said that duplicate records are apt to beryllium contiguous successful the datasets, meaning it's "impossible" to find the nonstop fig of radical whose credentials mightiness have been exposed successful the leak.

The leaked records don't look to travel from a centralized breach that targeted a circumstantial institution but alternatively a compilation of datasets containing login credentials that were gathered implicit time.

Cybernews said successful its study that assorted infostealers are apt down it. Infostealers are a signifier of malicious bundle that breaches a victim's instrumentality oregon systems to instrumentality delicate information.

A Google spokesperson said successful a connection to CBC News that the contented did not stem from a Google information breach.

Bob Diachenko, a cybersecurity researcher and Cybernews contributor who was progressive successful reporting the leak, posted connected societal media level X noting that determination was nary azygous root of the leak.

"What this fig reflects is the size of antithetic infostealers logs exposed publically since the opening of this twelvemonth alone," Diachenko said successful the post, adding that the leak signifies the ample standard of "infostealers infections" today.

Many questions stay astir these leaked credentials, including whose hands the login credentials are successful now. But as information breaches go progressively communal successful today's world, experts proceed to accent the value of maintaining cardinal "cyber hygiene."

How tin you support your credentials?

Alexander said that "it's hard to recognize what is close and what is not" astir the leak, but noted that it's important for radical to alteration their passwords if they're disquieted they mightiness beryllium affected.

She besides recommended that radical look astatine antithetic information offerings that platforms whitethorn offer, specified arsenic logging successful utilizing a passkey alternatively than a password.

Some online services, similar Google and Apple, let users to motion successful utilizing a passkey arsenic an alternate to utilizing a password. This lets users motion into their accounts with a facial designation scan, their fingerprint or a pin.

In its statement, Google encouraged users to usage passwordless authentication methods specified arsenic passkeys, which the company said are much secure. It besides suggested utilizing tools similar Google Password Manager, which volition store passwords and notify users if immoderate of their passwords person been progressive successful a information breach truthful they tin instrumentality action.

"It's truly important that radical spot if they've been affected but not overreact to the situation," Alexander said.