Research from Cybernews indicated that 16 billion passwords were exposed in what was reportedly the world’s largest data breach to date — however, some experts are questioning these claims. 

While the initial research asserted that the 16 billion exposed credentials were not merely recycled from past data breaches, some question the validity of this statement. According to CyberScoop, some experts have “outright disputed those claims or questioned the data and analysis the assertion was based upon” and criticize the research as a “sensational claim.” 

Bob Diachenko, who is credited with discovering the alleged credential breach, reportedly confirmed in a comment to CyberScoop that “the data was cumulative records discovered since the beginning of the year and not reflective of a singular data breach.”

Nevertheless, CyberScoop does not entirely dismiss the possibility that many of the reportedly exposed credentials are truly leaked. 

The article asserts, “While the report’s findings are questionable, it’s not a stretch to assume most credentials have already been stolen in one form or another. Passwords haven’t been fit for purpose for a long time, and stories like this underscore the importance of multifactor authentication and passwordless authentication methods.”