Cybersecurity researchers have confirmed a massive data breach involving 16 billion login credentials, including passwords. The information could be used by various online services, including Apple, Facebook, Google, GitHub, Telegram, and government services. The researchers discovered 30 datasets, each containing up to 3.5 billion records, since 2025. These credentials could be exploited for phishing campaigns, account takeovers, and business email compromise attacks. Google has advised users to upgrade their Gmail accounts to passkeys and social sign-ins for better control and protection from scams. Passkeys are biometric authentication methods that can be used to unlock devices, making them "phishing resistant".