Skip to content
City PM
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
Tuesday 24 June 2025 11:47 am  |  Updated:  Tuesday 24 June 2025 12:46 pm

This is why billions of passwords were leaked in Apple and Google breach

By: Saskia Koopman

Tech Reporter

Add as a preferred source on Google
Apple launched a legal challenge to the Tribunal in March against a Home Office order to create back-door access to the US technology company’s most secure cloud storage systems.
Apple’s move also follows a bruising week for global technology stocks

A trove of around 16bn passwords and usernames linked to major online platforms – including Apple, Google, Facebook, Microsoft and dozens of government services – has surfaced online, in what researchers are calling one of the largest known compilations of stolen credentials.

Initial reports caused confusion, suggesting direct breaches of platforms like Apple and Google.

However, cybersecurity analysts have clarified that the leak appears to be a large-scale aggregation of previously compromised data, much of it recently harvested through malware known as “infostealers”.

These lightweight programs are typically installed on personal devices without detection and are designed to extract login credentials, browser autofill data, and other sensitive user information.

“This breach does not involve outdated or recycled data”, argued Marko Maras, chief executive of fraud prevention firm Trustfull. “It’s fresh and actionable. That significantly increases the risk of phishing attacks and account takeovers”.

The data was compiled from multiple smaller breaches and information-stealing incidents, then consolidated into large datasets by cybercriminal groups.

In total, the breach affects a broad range of services, from commercial platforms like PayPal, Roblox and Discord, to government portals in more than 29 countries.

A weak system

What has drawn concern from security professionals is not only the volume of the data, but the visibility it gives into widespread vulnerabilities in current authentication models – particularly those that still rely primarily on passwords.

While enabling two-factor authentication, or 2FA, remains standard advice in the wake of a breach, Maras believes the situation reflects a broader issue with traditional login systems.

“Passwords and 2FA are visible points in the authentication process. and users often push back against friction”, he said. “There are other signals that can be used silently in the background to verify identity”.

Such “silent signals” include typing cadence, mouse movement patterns, and network indicators like VPN.

Read more

Musk brands UK a ‘police state’ as Big Tech rebels against Starmer’s social media ban

Getty Images logo on a digital screen, symbolizing media and photography industry presence in news and business contexts

These behavioural and environmental cues are increasingly being used in fraud detection systems, particularly in the finance and payments sectors, to identify suspicious activity without requiring active input from users.

According to recent research from Cybernews, the source of the leak is not a single point of failure, but rather a coordinated packaging of data stolen via infostealer malware, credential stuffing attacks, and previously compromised databases.

One of the largest subsets of the data includes over 3.5bn entries believed to be linked to Portuguese-speaking users.

Phishing risks rise

Some experts have warned that users are now exposed to a secondary wave of risk, under the form of phishing and impersonation.

Bad actors are expected to exploit the news of the vast breach itself, using various branded emails and messages from firms like Apple or Google to prompt password resets – and trick recipients into handing over even more data.

The FBI has issued reminders that major tech firms do not reach out unsolicited to request password resets or account recovery.

Any such emails, texts or calls should be treated as suspicious.

There is no evidence so far of a breach in Apple, Google, or Facebook’s internal systems. Rather, the inclusion of their login pages in infostealer logs reflects how widely used these services are – and how frequently their credentials are stored, entered or reused.

For businesses and individuals alike, the breach offers another reminder to reassess basic digital hygiene.

“Security doesn’t need to be synonymous with friction”, said Maras. “Signals exist in the background that platforms can use – they just need to be deployed more widely”.

Read more

Apple claims CMA app store shake-up could ‘open the door to scams’

Apple App Store with UK flag and warning sign about potential scams due to proposed CMA competition reforms

Share this article

  • Facebook
  • X
  • LinkedIn
  • WhatsApp
  • Email

Similarly tagged content:

Sections

  • News

Categories

  • Tech
  • Business

People & Organisations

  • Apple
  • Cyber
  • data breach
  • Google
  • Microsoft
  • phishing

Related Topics

  • Tech

Trending Articles

  • Burnham tax plans spark investor rush to bank capital gains

  • Nothing fails to file accounts months after dissolution threat

  • Cruyff turn: Starmer allows pubs to stay open for England World Cup game

  • I’ve taken the best train trips in the world. Here are my 5 favourites

  • PwC joins the Canary Wharf crowd in major property shake-up

More from City PM

  • Musk brands UK a ‘police state’ as Big Tech rebels against Starmer’s social media ban

    Tech
    Getty Images logo on a digital screen, symbolizing media and photography industry presence in news and business contexts
  • Apple claims CMA app store shake-up could ‘open the door to scams’

    Tech
    Apple App Store with UK flag and warning sign about potential scams due to proposed CMA competition reforms
  • Starmer’s social media restrictions will mean the government can spy on every phone

    Opinion
    Keir Starmer at tech event discussing innovation and policy, surrounded by tech leaders and digital displays
  • Endava Partners with Wiz to Deliver Integrated Cloud Security for Enterprise AI Adoption

    Business Wire
  • Google ‘disappointed’ as Youtube swept into UK social media ban

    Tech
    YouTube's All-Party Parliamentary Group for creators will act as a formal bridge between policymakers and the country’s growing creator industry.
  • Starmer vows to end system ‘failing our kids’ ahead of expected social media ban

    Politics
    Keir Starmer speaking at London Tech Week conference, discussing innovation and technology advancements in the UK.
  • Controlling the sprawl of shadow AI

    Partner
    UK initiative to manage AI expansion, showcasing technology control measures in urban settings
  • VPN demand rockets as UK prepares for under-16 social media ban

    Tech
    Getty Images logo on a digital screen, symbolizing media and photography industry presence in news and business contexts

City PM — European politics, business and analysis.

Europe

  • Germany
  • France
  • Europe
  • UK & Ireland

Topics

  • Business
  • Markets
  • AI
  • Technology
  • Opinion
  • Energy

More

  • Politics
  • Economics
  • Fintech
  • Legal
  • Sport
  • Life

Company

  • About City PM
  • Editorial Policy
  • Corrections
  • Contact
  • Terms of Use
  • Privacy Policy
  • Cookie Policy
© 2026 City PM · Published by CityPM Media, Bahnhofstrasse 65, 8001 Zürich, Switzerland
About · Editorial Policy · Corrections · Contact · Privacy