Your private data is on the dark web. Protect yourself before you're targeted.

Password leaks are nothing new in the digital age, where hackers constantly look for ways to steal personal data, but this latest bombshell is the worst since the massive data breach in 2024 that exposed up to 26 billion login credentials worldwide. Here are the details and what you can do to keep your accounts safe.

Millions of login credentials exposed

In late January, a cybersecurity researcher at ExpressVPN stumbled upon a database containing 149,404,754 unique logins and passwords for a wide range of accounts, including Google, X, iCloud, Outlook, and more. The cloud repository was publicly available and unprotected, giving clever internet sleuths unbridled access, as long as they knew where to look. While most of the login data consisted of average consumer accounts, there were also some credentials that belonged to undisclosed government officials, signaling a potential national security risk if any of those accounts led to confidential information. Lastly, the researcher found some data pointing to banks, crypto wallets, and other financial services.

You’ll need to set up a system to protect your identity.

It’s important to note that the uncovered database is not a new data breach in itself. However, the compiled information is likely the result of a breach in the past.

Was your information included in the database?

The dark web is bursting with stolen information, and thanks to the great data leak of 2024, chances that at least one of your accounts is out there for bad actors to find is probable. They called it “the mother of all breaches” — a digital mass exposure event containing 26 billion records around the globe, including login credentials, Social Security numbers, bank account numbers, email addresses, and tons more. Virtually everyone on the planet was wrapped up in the chaos.

Fast-forward to 2026. Whether or not your data was nestled in this newly discovered database is irrelevant, because at some point in time, your data was exposed, and it’s probably still out there, waiting to be exploited.

How to protect yourself and your stolen data

The good news is that there are several things you can do to shore up the security on your accounts and keep a watchful eye out for any suspicious activity.

RELATED: How to stop Microsoft from letting the government see everything on your computer

Photo Illustration by Thomas Fuller/SOPA Images/LightRocket via Getty Images

Tips to keep your passwords safe, no matter what

The first thing you’ll want to do is take back control of your login credentials and passwords. To be safe, follow these quick tips:

• Always use a complex password composed of a string of numbers, letters, and characters. Avoid common words or phrases. The more nonsensical the password is, the better. This makes your passwords more difficult to guess or hack with brute-force tactics.
• Keep your passwords in a trusted password manager. Apple and Google both include native password managers in iOS and Android. If you’re not using these already, now is a great time to start.
• Change your passwords regularly (every three to six months), especially for your most important accounts, like your bank and email addresses.
• Always enable 2FA when available. This ensures that the person logging into your account needs your password and your phone to get through.
• Enable passkeys on every account that supports them. Passkeys are more secure than typical passwords, nullifying phishing scams, brute-force access, and server breaches.

Ways to protect your identity

Second, you’ll need to set up a system to protect your identity. While it’s a little trickier to interrupt an active identity theft attempt, there are some things you can do to detect a problem as soon as it strikes.

• Monitor your credit score with a free credit score app. Some apps, like Credit Karma, give you regular score updates and will tell you when a new line of credit has been opened in your name, a telltale sign of bad actors trying to leverage your good credit.
• Enlist the help of an identity theft protection service. These companies monitor the web for you, scanning every nook and cranny for fraudulent activity carried out with your information.
• While you’re at it, a home title fraud protection service may also be a good idea to make sure that bad actors don’t try to steal the deed to your property. It’s crazy, but it happens, and homeowners usually don’t know about it until it’s too late.

Never assume you’re safe

There have been so many private information breaches in recent history that you should never assume you’re safe or exempt. Your personal and private data is out there, it is accessible, and it could be exploited at any moment. Instead of waiting for the shoe to drop, take the steps above to ensure that you, your accounts, and your credentials are always up to date and protected. After all, it’s easier to thwart cyber criminals up front than it is to undo the damage done after a successful hack.