16 billion passwords leaked in massive data breach
16 billion passwords leaked
Now, it might be time to change your social media passwords. A record breaking data leak has exposed over 16 billion login credentials from major online platforms including Apple, Google, Facebook, GitHub, and Telegram. And this is according to a report by Forbes. The breach was uncovered by Cyber News, which analyzed about 30 newly surfaced data sets. Each database contains about 16 million to about 3.5 billion records with most averaging about 550 million entries.
Apple, Google, Facebook, and Telegram Affected by Credential Leak
Notably, only one of these data sets 184 million credential leak had been previously reported and the rest are believed to be fresh and highly exploitable. Now, these data sets include not just passwords, but also cookies, tokens, and metadata, making them especially dangerous for users and organizations relying on weak authentication methods. The leaked data reportedly came from unsecured elastic search and object storage instances likely operated or compromised by cyber criminals.
Leaks Include Passwords, Cookies, Tokens, and Metadata
Now, cyber security experts have linked the breach to multiple info steelers, malware designed to extract sensitive data from infected devices. And the stolen credentials offer access to nearly every kind of online service imaginable from social media accounts and developer portals to government services.The biggest concern, of course, lies with crypto users. Many custodial wallets and cloud-based seed phrase backups are tied to email credentials, making them vulnerable to account takeovers and potential asset loss. Now, experts are warning that this breach could lead to a surge in fishing account hijacking and identity theft, especially in sectors like crypto, finance, and cloud-based services.
FBI and Google Recommend Passkeys and Two-Factor Authentication
The FBI and Google are now urging users to replace their traditional passwords with pass keys and to immediately enable two factor authentication. Organizations are advised to audit their access protocols, revoke compromised credentials, and also inform users of potential risk. As researchers put it, this isn’t just a breach, it’s a blueprint for global cyber exploitation.
