In June 2025, cybersecurity researchers uncovered one of the largest credential leaks, with over 16 billion logins.
Scale of the password leak
The leak occurred not due to a random breach, but rather due to years of work by malware that harvested data from user devices. Many of these credentials are still valid today. The leak affected platforms such as Google, Apple, Facebook, Telegram, and GitHub. Some data sets contain up to 3.5 billion records.
Issues with traditional authentication systems
The breach highlights fundamental weaknesses in traditional identity systems. Most people reuse passwords, which risks compromising all their accounts. The data also includes session tokens that grant access to already authenticated accounts, making it easier for attackers to steal personal data and finances.
Prospects of blockchain identity
In light of rising breaches, experts are calling for blockchain-based solutions. Decentralized identity systems allow users to own their information while minimizing hacking risks. Currently, such systems are being piloted in several countries, including the EU and South Korea.
The 16 billion password leak raises questions about the reliability of existing security systems. Transitioning to blockchain identity could be a crucial step in safeguarding personal data.
