Massive Password Leak: Take Action Now

Security & Privacy
Written By Chris Buffalino

What happened?

A new investigation reports that around 16 billion login credentials (usernames and passwords) have surfaced online from multiple sources—big names like Apple, Google, Facebook, Instagram, plus other services including VPNs, developer tools, Telegram, and government platforms. Experts warn this isn’t just old data—it’s fresh, untapped, and could be used in phishing scams or account hijacks at scale.

Why this matters to you:

  • Your password—even if strong—could be among those leaked.

  • Criminals use stolen credentials to break into accounts, take over social media, shop online, or commit fraud.

What security experts recommend:

  1. Change passwords on all major accounts now.

  2. Use a unique password for each service.

  3. Turn on two-factor authentication (2FA).

  4. Switch to passkeys where possible (Google and Apple support them)—they’re safer than traditional passwords.

  5. Consider using a password manager to keep everything organized and secure.

Easy Steps to Change Your Passwords

Google (Gmail, YouTube, etc.)

  1. Go to myaccount.google.com.

  2. Click Security → Password.

  3. Enter your current password, then type a new one.

  4. Finish with Change Password.

  5. While there, enable 2-Step Verification under Security.

Facebook

  1. In Facebook (web or app), click the menu (down arrow or ☰).

  2. Go to Settings & Privacy → Settings → Security and Login.

  3. Under Change password, enter your current and new password.

  4. Click Save Changes and turn on Two-Factor Authentication.

Instagram

  1. Open Instagram and go to your Profile, then tap ☰ → Settings → Security → Password.

  2. Type your old and new passwords, then hit Save.

  3. In Security, tap Two-Factor Authentication and follow the setup steps (SMS or authentication app).

Apple ID (iCloud, App Store, etc.)

On iPhone/iPad:

  1. Open Settings → Your Name → Password & Security → Change Password.

  2. Verify your device passcode, then set a new Apple ID password.

On Mac:

  1. Go to System Settings → Your Name → Password & Security → Change Password.

  2. Enter your account password, then choose a new one.

Also consider enabling two-factor authentication for Apple ID under the same menu.

Tips for Choosing Strong Passwords

  • Use long, unique phrases—avoid reused or simple ones like “123456.”

  • Mix uppercase, lowercase, numbers, and symbols.

  • Avoid details easy to guess (birthdays, pet names).

  • Never reuse passwords across sites.

  • A password manager (like LastPass or Bitwarden) helps generate and store them securely.

What If You Didn’t Click Any Strange Links?

Some password leaks come from malware on users’ computers—not necessarily from clicking shady links. That underlying risk means changing your passwords and enabling 2FA still matters.

Final Word

This huge leak affecting 16 billion credentials is a wake-up call. You might not know if your passwords were exposed, so the best defense is to act now:

  1. Change passwords on major accounts (Google, Facebook, Instagram, Apple).

  2. Turn on 2FA everywhere you can.

  3. Use a password manager.

  4. Consider passkeys for extra security.

Chris Buffalino https://TechSupportWithChris.com
Next

Should you buy the iPhone 16?