16 Billion Passwords: Was your data breached?

Last week, several major outlets reported what may be the largest password leak ever recorded. Researchers have confirmed that nearly 16 billion login credentials have been exposed, an almost unimaginable number.

This revelation is part of an ongoing investigation that began earlier this year. Experts believe the leak may be the result of multiple infostealers (malware designed to harvest personal information) working in tandem. But here’s the key: not all leaked data is from recent breaches. Cybercriminals are increasingly compiling old leaks into huge mega-dumps, making them easier to buy, sell, or exploit online. As Mashable noted in their roundup of 2025’s top cybersecurity breaches, this trend is accelerating in the dark corners of the web.

With so many credentials exposed, the odds that your information may end up in the wrong hands is high. Here’s what you need to know, and how to protect yourself.

How to know if your data has been stolen?

If a data breach happens and your data has been compromised, companies are legally required to notify you. However, as we mentioned above, not all stolen data comes as the result of a recent cybersecurity breach.

However, if you want to be on the safe side:

Check the free website Have I Been Pwned?: This website checks if your data was breached and which companies were affected.
Lookout for unusual activity on your accounts: Unusual transactions on your bank account, password reset requests you didn’t request or a sudden (inexplicable) drop in your credit score

What to do to keep your accounts as safe as possible?

- Change your email passwords as soon as possible: a lot of accounts will require an email code or link to login. If your email address is compromised, it can open the door to all your other accounts being compromised as well
- Activate the Two Factor Authentication (2FA): Add this extra layer of protection wherever possible – whether via text, email, or an authenticator app.
- Enable passkeys: Platforms like Google, Facebook, and Apple now support passkey login options that are more secure and phishing-resistant than passwords.

Victim of data breaches by gambling companies?

If you were, you could be eligible for compensation with Barings Law, our recommended provider. You can also check our Free Guide to learn how to complain about data breaches.

Start your claim

What if your data was misused and not breached?

Not all cases involve hackers and breaches. If you received a notification from Google, Microsoft, or another company that your data was misused or mishandled, even if no breach occurred, you could still be eligible to claim.

Read our latest article about Data Breaches vs Data Misuse.

Data misuse might involve:

Personal data being shared without consent
Inappropriate access or processing
Being impacted by company practices that violated data protection laws

Dataclaims can support claims like these especially if you have documentation such as a notice from the company, or experienced unusual activity following the misuse.

Start your claim

If you have any thoughts on this topic, or any other consumer issues you would like us to cover, feel free to get in touch with us at support@resolver.co.uk.