Cybersecurity researchers have discovered what they’re calling the “mother of all breaches,” involving 30 databases containing over 16 billion individual records with passwords for major platforms including Apple, Google, Facebook, Telegram, and government accounts worldwide.

The massive collection was uncovered by researchers at Cybernews, who found the databases briefly accessible on the internet before they were secured.

The records appear to have been compiled primarily by cybercriminals using info-stealing malware, though some data may have originated from “white hat” hackers.

A sample analysis of 10,000 stolen accounts revealed 220 email addresses with .gov domains from over 29 countries, including the United States, United Kingdom, Australia, Canada, China, India, Israel, and Saudi Arabia.

Security researcher Jeremiah Fowler, who initially discovered a 184-million-record subset in May, described the breach as presenting major national security risks.

“This is probably one of the weirdest ones I’ve found in many years,” Fowler told WIRED.

“As far as the risk factor here, this is way bigger than most of the stuff I find, because this is direct access into individual accounts. This is a cybercriminal’s dream working list.”

The 47 gigabytes of exposed data included sensitive information for accounts on Instagram, Microsoft, Netflix, PayPal, Roblox, and Discord.

Researchers noted that some databases contained vague labels like “logins” or “credentials,” making it difficult to determine exact contents and origins.

With over 5.5 billion internet users globally, researchers warn that a significant portion of the world’s online population likely had at least some accounts compromised in this breach.

The unprotected database was managed by World Host Group, a web hosting and domain provider founded in 2019 that operates over 20 brands globally.

After Fowler confirmed the exposed information was genuine and reported the breach, World Host Group shut down database access.

“It appears a fraudulent user signed up and uploaded illegal content to their server,” said Seb de Lemos, CEO of World Host Group, speaking to WIRED.

Cybernews researchers emphasised the particular danger posed by the combination of old and recent info-stealer logs, especially for organisations lacking multi-factor authentication or proper credential hygiene practices.

The team warned that new massive datasets emerge every few weeks, highlighting the prevalence of info-stealing malware.

Security experts strongly urge all users to immediately change passwords for affected platforms and enable two-factor authentication, which provides additional security by sending verification codes to phones or email addresses.

The stolen data could be weaponised for large-scale phishing campaigns, with attackers using compromised accounts to target additional victims and potentially gain access to sensitive government or corporate systems.

Fowler noted that exploiting government email accounts could provide hackers and foreign agents access to sensitive or classified systems, representing a significant national security concern beyond individual privacy breaches.