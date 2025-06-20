Sixteen billion passwords may have been stolen. Here’s how to protect yourself

A visitor looks at his phone at the Mobile World Congress 2024 in Barcelona, Spain, Feb. 27, 2024. (AP Photo/Pau Venteo, File)

By Tara Deschamps, The Canadian Press

Posted June 20, 2025 1:15 pm.

Last Updated June 20, 2025 2:43 pm.

TORONTO — A Lithuanian cybersecurity news outlet says it uncovered a leak of 16 billion passwords that may grant access to Apple, Google, Facebook accounts and more.

Cybernews warns the data is “a blueprint for mass exploitation” because it could give cybercriminals unprecedented access to information that can be used for account takeovers, identity theft and highly targeted attacks.

Here’s what we know about the leak so far and how people can protect themselves from its repercussions.

What do we know about the leak?

Cybersecurity experts are strongly speculating that the data was leaked through infostealers, said Robert Falzon, head of engineering at security software firm Check Point.

Infostealers are pieces of malware users are duped into clicking on, which then install something on their computer, “which just kind of sits and listens to the computer while you’re typing things from the keyboard.”

The malware can detect when you’re logging into an account and can copy whatever you’ve input to send it to a database of credentials hackers compile.

“As a result of that, we end up with these giant repositories on the dark net filled with lists and lists and lists of usernames and passwords and credentials that have been stolen from users all around the world and that are being bought and sold as commodities,” Falzon said.

Is all this leaked data new?

That’s up for debate. Cybernews says “the data is recent, not merely recycled from old breaches,” but others disagree.

“It’s really hard to track the providence of all of it,” Falzon said, because some hackers package data together from several leaks to resell.

The only way to figure out how new it is would be to obtain other leaks and cross compare the data.

Why is it worrisome?

“If hackers manage to get their hands on your password for Google, Apple, or Facebook, stealing your money and identity may be easier than taking candy from a three-year-old,” Ignas Valancius, head of engineering at cybersecurity company NordPass, said in a press release.

That’s because hackers use the logins they obtain for credential stuffing — a practice where criminals get access to accounts by inputting stolen login information into websites.

If you reuse your passwords across several websites or services, it may mean a hacker can get into your bank account and steal money, your favourite retailer accounts and drain you of your loyalty points or even find your address and birthday and use it for identity theft, Falzon said.

How can I find out if my data was in the breach?

Figuring out if you’ve been a victim of the breach would take obtaining the data and searching through it for your credentials.

Because only an “extreme minority” of people have never been breached in general, Falzon said you’re always best off assuming your info is part of the leak.

What can Canadians do to protect themselves?

Cybersecurity experts are unanimous in advising people to change their passwords regularly, especially after leaks to avoid becoming the victim of credential stuffing.

But long before a breach happens, they say there are several things people can do to protect themselves.

The most obvious is varying your passwords and avoiding reusing them. When you recycle passwords across several websites or services or make them easy to guess, it means hackers won’t have much of a struggle accessing many of your accounts.

Multifactor authentication can also offer a layer of security. When someone attempts to login to an account, it forces them to enter a code sent by email or text before they can get access. The process helps users thwart hacking attempts.

I have so many accounts to keep track of and changing my passwords with every breach is making it hard to remember them all. What can I do?

Some cybersecurity experts are fans of password managers. These services create strong, unique passwords for each account you have. Then, the manager stores them in an encrypted account you can quickly access anytime you need to enter a password.

However, other experts argue password managers can have varying levels of encryption and warn that if the one you are using is breached, all of your passwords may be vulnerable.

So what else can I do?

Many experts advise people to use passkeys, when possible. Passkeys are digital credentials able to unlock accounts with a mere flash of your face or fingerprint scan on your phone.

They are considered to be more secure than passwords because there is no string of characters, numbers and symbols to memorize, making them harder to hack. They don’t need to be changed, can’t be stolen by someone guessing or peeking over your shoulder and there’s no way to accidentally use one on the wrong website.

Not all websites and services accept passkeys but several big players like Apple, Shopify, Microsoft, DocuSign and PayPal do.

Submit a Correction
Accessibility Feedback

Top Stories

House Speaker splits major projects bill for two separate votes, expected Friday

Members of Parliament will hold two separate votes on the government's major projects bill Friday, after the House Speaker ruled the legislation has two distinct parts. Bill C-5, also known as the One...

49m ago

RCMP confirm two dead in Banff National Park rockslide

A second body has been recovered following a rockslide at Bow Glacier Falls in Banff National Park.

9m ago

'The biggest betrayal': A year on, staff grieve Ontario Science Centre's snap closure

TORONTO — In the year since the abrupt closure of the Ontario Science Centre, the cost of a new site at Ontario Place has escalated, its opening date has been pushed back, there is no sign of a temporary...

47m ago

Wanted man in Danforth homicide linked to violent crimes in Durham: police

Toronto police identified a man wanted in a stabbing homicide in the city's east end this week, with the same suspect connected to a string of violent incidents in Durham Region. According to Toronto...

52m ago

Top Stories

House Speaker splits major projects bill for two separate votes, expected Friday

Members of Parliament will hold two separate votes on the government's major projects bill Friday, after the House Speaker ruled the legislation has two distinct parts. Bill C-5, also known as the One...

49m ago

RCMP confirm two dead in Banff National Park rockslide

A second body has been recovered following a rockslide at Bow Glacier Falls in Banff National Park.

9m ago

'The biggest betrayal': A year on, staff grieve Ontario Science Centre's snap closure

TORONTO — In the year since the abrupt closure of the Ontario Science Centre, the cost of a new site at Ontario Place has escalated, its opening date has been pushed back, there is no sign of a temporary...

47m ago

Wanted man in Danforth homicide linked to violent crimes in Durham: police

Toronto police identified a man wanted in a stabbing homicide in the city's east end this week, with the same suspect connected to a string of violent incidents in Durham Region. According to Toronto...

52m ago

Most Watched Today

4:01
Summer arrives with chance of rain and storms

Seasonal temperatures with the chance of showers and a risk of thunderstorms on Friday as summer officially arrives late in the evening.

20h ago

0:43
Missing three-year-old girl from Montreal found alive in Ontario

A three-year-old girl from Montreal that had been missing for nearly a week has been found alive along an Ottawa highway in Ontario.

1:43
Taxi scam in Toronto frauds hundreds of victims, more than $500K in losses

Toronto Police say they have arrested 11 people and continue to search for two suspects linked to a criminal network running taxi scams that have allegedly stolen from more than 300 people.

1:05
TTC streetcar derails off busy intersection blocking commuters

A TTC streetcar derailed off a busy intersection during the morning commute on Dundas Street West & Bathurst Street.

2:17
Temperatures cool down ahead of heat wave

The GTA will see on and off showers throughout Thursday with cooler temperatures, before a heat wave hits the region this weekend.
More Videos