In what experts are calling the largest password leak in history, 16 billion login credentials, many linked to tech giants such as Apple, Google, Facebook, GitHub, and Telegram, have been exposed in a massive data dump confirmed by cybersecurity research team Cybernews, led by Vilius Petkauskas.
The breach, first reported by Forbes, has set off alarms worldwide.
Investigators found 30 separate data dumps, each containing tens of millions to over 3.5 billion records, largely attributed to infostealer malware, software designed to quietly collect usernames, passwords and other sensitive data from infected devices.
“This is not just a leak... it’s a blueprint for mass exploitation,” Petkauskas told Forbes. “These credentials are ground zero for phishing attacks and account takeovers.”
While the global implications are staggering, the Indian cybersecurity community warns that the local impact could be far more dire due to deep-rooted habits and lack of awareness.
India’s weak password culture
Gautam S Mengle, Assistant Vice President & Security Awareness Strategist at Mumbai-based CyberFrat, says that Indians remain dangerously casual about cybersecurity.
“If you're using Gmail to log into Zomato, Zoom, Netflix, your bank, often with the same password... you’re basically handing over the keys to your digital house,” Mengle told The Telegraph Online.
He explains that most Indians reuse passwords across platforms, and many even write them down or save them in unprotected notes apps. Common passwords include birthdays, children’s names, or family surnames, most of which are easily found on social media.
Mengle advocates the use of passphrases like ‘Ilovebiriyani’: longer strings of words that are easier to remember but harder to crack, especially when paired with numbers, symbols and capital letters.
Low awareness, high exposure
India’s cybersecurity blind spots have grown alongside its digital adoption. From banking and payments to food delivery and online shopping, Indians are now hyper-connected.
But the awareness of cyber hygiene hasn’t kept pace.
Sandeep Sengupta, founder and director of Indian School of Anti-Hacking and a member of the NASSCOM National SME Council, told The Telegraph Online: “Most people don’t use two-factor authentication. They don’t research cybersecurity practices. It’s like people refusing to wear masks during the pandemic... initially reluctant, but eventually, it became a norm. We need to treat cybersecurity like digital hygiene.”
Sengupta, whose firm is empaneled with CERT-In, also sees hope in the younger generation. “A lot of schools are organising cyber awareness workshops. Colleges are offering BSc degrees in cybersecurity. This is encouraging... but it's not fast enough.”
The Indian bug bounty hunter
Not all stories are bleak. Assam-born cybersecurity expert Rony Das discovered a major vulnerability in Android Foreground Services in 2021 while creating an app. Google rewarded him $5,000 for responsibly disclosing the bug.
“It shows that with curiosity and initiative, young Indians can contribute to global cybersecurity,” Sengupta says. “Imagine what’s possible if we start teaching cybersecurity in schools instead of just Java or Python.”
So what can you do right now?
Darren Guccione, CEO of Keeper Security, advises global users to urgently rethink their digital hygiene.
“Invest in password managers. Monitor the dark web for breaches. And use strong, unique passwords for every account,” he was quoted as saying by Forbes.
Websites like Have I Been Pwned and Cybernews allow users to check if their data has been compromised in recent leaks.
Mengle and Sengupta recommend the following for Indian users:
Use passphrases instead of simple passwords.
Examples: “MyCatEatsBiryani!” or “GoaTrip@2025#Cancelled”
Never reuse passwords across accounts. A compromised password can give hackers control over your entire digital identity.
Enable two-factor authentication everywhere. It’s not optional anymore.
What a cyber leak means for India’s future
With 16 billion passwords now floating through hacker networks, the world is entering a new phase of vulnerability. For India, a country increasingly dependent on smartphones and digital transactions, the stakes are especially high.
Sengupta warns: “Cybercrime often goes unnoticed until it’s too late.”
But both Mengle and Sengupta agree: it’s not too late to build a firewall, not just of code, but of awareness.
“The tools exist. The knowledge exists. What we need now,” Mengle says, “is for people to care.”