From Instagram to bank accounts, 16 billion passwords leaked quietly, government released warning

New Delhi. Imagine that you are starting your day and you come to know that you have ever used the password, whether it is Instagram or Bank Account, is now roaming on the dark web. This is a bad dream of a technology, isn’t it? But for millions of people it can already be a scary reality. Experts are calling it the biggest data in internet history. More than 16 billion login credentials have been leaked. And this is not an old thing. This is the information collected using fresh, organized and advanced infoseller malware.

How did this happened?
This was not a normal cyber attack. No firewalls were broken, no zero-day weaknesses were opened. Instead, this breech gradually happened in years. The data was collected quietly using Infoseller Malware, hiding on infected devices, stealing login credentials without any warning.

According to the Reuters report, a part of the leaked data comes from the old, already compromised password dump. But this time the theft of this time makes the involvement of new Infoseller logs. According to Cybens, this makes it particularly dangerous, especially for organizations that do not use multi-factor authentication or do not follow good credential hygiene. Simply put, if you are still using passwords again or ignoring additional security layers, you may get into serious trouble.

This data set includes username, password, authentication tokens, sessions cookies and metadata, which connect the information to individual users and platforms.

India’s cyber security agency released warning

India’s Cyber ​​Security Agency, Computer Emergency Response Team (CERT-in), has issued an important warning after discovering a big data leak. This warning is with the CTAD-2025-0024 tag and the date of 23 June, which has been warned about the massive revelations of the Sensitive information collected from Apple, Google, Facebook, Telegram, GITHUB and many VPN services to users.

Cert-in has identified many dangers produced by this leak. These include credential stuffing attacks, where stolen login details are used to achieve unauthorized access in various services; Fishing and social engineering, in which the help of detailed metadata is taken; Account takeover of individual and financial platforms and more sophisticated cyber attacks such as ransomware and business email compromise.

The leaks occurred mainly from two sources – from the database publicly exposed due to malware and incorrect conference stolen credentials stored in the browser and files. Watchdog emphasized the seriousness of danger due to the large number of affected accounts and various platforms involved.

How to save yourself?
To reduce the risk, CERT-in recommends all users to update the password immediately, especially on high-risk platforms such as banking, social media and government portals. Users should create strong, unique passwords using a combination of letters, numbers and symbols and avoid reuse of passwords. The agency also recommended to enable multi-factor authentication for additional security, to be cautious to fisting efforts and use reliable password managers to store and generate safe credentials.