According to online reports, the Cybernews research team disclosed that 16 billion login credentials from online service providers such as Apple, Google, and Facebook were leaked, of which the maximum number of records in a single database alone reached 3.5 billion. Researchers found that this data was mainly exposed through unencrypted Elasticsearch or object storage instances, and the leaked data included access tokens, session cookies, and account metadata stolen by information-stealing malicious programs. The identity of the original holder of the data is not yet clear, but researchers have confirmed that some databases may belong to cybercriminal organizations. Attackers could use leaked credentials to initiate targeted account takeovers, especially on platforms hosting wallets or associated mailboxes. Security experts advise users to update passwords immediately, enable two-factor authentication, and avoid storing recovery phrases in insecure digital environments.