Mega breach exposes 16 billion passwords: how to protect yourself
The largest credential leak in history affected millions of Brazilians. Understand what happened and how to protect your accounts.
What happened?
In June 2025, Cybernews researchers revealed an unprecedented mega breach: over 16 billion passwords and credentials were exposed on the internet. Brazil is among the most affected countries, with over 3.5 billion credentials possibly related to Portuguese-speaking users.
Unlike previous leaks that recycled old data, these credentials were collected by infostealer malware — spy programs that silently steal passwords directly from victims' devices.
Which services were affected?
The leak includes credentials from popular services such as:
- Google and Gmail
- Apple and iCloud
- Facebook and Instagram
- Telegram and WhatsApp
- GitHub and development platforms
- Government platforms
How to know if I was affected?
You can check if your email was compromised through Have I Been Pwned, maintained by security expert Troy Hunt.
How to protect yourself?
Follow these essential recommendations:
1. Use a password manager
With a manager like OneckPass, you can have unique and strong passwords for each service without memorizing them. Our zero-knowledge architecture ensures that even we cannot see your passwords.
2. Enable two-factor authentication (2FA)
Even if your password is leaked, 2FA adds an extra layer of protection. OneckPass Premium includes an integrated TOTP code generator.
3. Migrate to Passkeys when possible
Passkeys are a more secure alternative to traditional passwords, resistant to phishing and leaks. Major companies like Google, Apple, and Microsoft already support this technology.
4. Keep your devices secure
Since infostealers infect devices, keep your antivirus updated and avoid downloading programs from untrusted sources.
Conclusion
This mega breach is a wake-up call for the importance of digital security. Don't wait to become a victim — protect your accounts today with strong, unique passwords and a reliable password manager.