Mega breach of 16 billion passwords: how to protect yourself | OneckPass

What happened?

In June 2025, Cybernews researchers revealed an unprecedented mega breach: over 16 billion passwords and credentials were exposed on the internet. Brazil is among the most affected countries, with over 3.5 billion credentials possibly related to Portuguese-speaking users.

Unlike previous leaks that recycled old data, these credentials were collected by infostealer malware — spy programs that silently steal passwords directly from victims' devices.

Which services were affected?

The leak includes credentials from popular services such as:

Google and Gmail
Apple and iCloud
Facebook and Instagram
Telegram and WhatsApp
GitHub and development platforms
Government platforms

How to know if I was affected?

You can check if your email was compromised through Have I Been Pwned, maintained by security expert Troy Hunt.

How to protect yourself?

Follow these essential recommendations:

1. Use a password manager

With a manager like OneckPass, you can have unique and strong passwords for each service without memorizing them. Our zero-knowledge architecture ensures that even we cannot see your passwords.

2. Enable two-factor authentication (2FA)

Even if your password is leaked, 2FA adds an extra layer of protection. OneckPass Premium includes an integrated TOTP code generator.

3. Migrate to Passkeys when possible

Passkeys are a more secure alternative to traditional passwords, resistant to phishing and leaks. Major companies like Google, Apple, and Microsoft already support this technology.

4. Keep your devices secure

Since infostealers infect devices, keep your antivirus updated and avoid downloading programs from untrusted sources.

Conclusion

This mega breach is a wake-up call for the importance of digital security. Don't wait to become a victim — protect your accounts today with strong, unique passwords and a reliable password manager.