Researchers revealed what might be the biggest collection of stolen login credentials ever gathered in one location sometime in the middle of 2025. A compiled dataset, organized and searchable, contains about 16 billion records, including usernames, passwords, account details scraped from infostealer malware, phishing operations, and years of accumulated breach archives, covering accounts across Google, Apple, Meta, and dozens of other platforms. There was no significant zero-day exploit. No advanced nation-state assault. Just the patient, quiet harvesting of a system that was based on shared secrets and never sufficiently considered what would happen if those secrets were no longer kept secret. It wasn’t a particularly bad password. It failed gradually at first, then all at once, much like a slow leak eventually floods a basement.


More

Bleeping Computer: Bitwarden adds support for passkey login on Windows 11

Bitwarden announced support for logging into Windows 11 devices using passkeys stored in the manager’s…

Read More →

Biometric Update: NFC-based IDV with liveness delivers zero fraud, fewer support calls for BankID Norway

With 4.7 million enrolled users in a country of roughly 5.6 million people, BankID Norway is one…

Read More →

Yahoo! Finance: Yubico Unveils “YubiNation Partners”: A New Era of Global Channel Partnership to Secure Digital Identities in the Age of AI

Yubico, a modern cybersecurity company and creator of the most secure passkeys, today announced the…

Read More →


Subscribe to the FIDO newsletter

Stay Connected, Stay Engaged

Receive the latest news, events, research and implementation guidance from the FIDO Alliance. Learn about digital identity and fast, phishing-resistant authentication with passkeys.