The colossal data breach is said to be one of the largest in history, with users of Instagram, Microsoft, Netflix, PayPal, Roblox, Discord, Telegram, and GitHub also affected
Users of Apple, Facebook and Google are being told to change their passwords after a record-breaking data leak exposed 16 billion logins.
Researchers say that the breach is one of the largest in history and will affect logins for Instagram, Microsoft, Netflix, PayPal, Roblox, Discord, Telegram, GitHub. Government services in more than 29 countries were also targeted in the attack.
CyberNews researchers found 16billion datasets identified only with names like “login” – which made it difficult to see exactly what they contained.
However, it’s most likely that these were obtained with infostealer malware, which can infiltrate systems and steal sensitive information like login details. The team said that another alternative was that the data was collected by ethical hackers to spot flaws in the system.
This breach shows how an astronomical number of people are likely continuing to use compromised accounts, making them more at risk of cybercrime.
Criminals use personal information to take over accounts, steal identities, and carry out targeted phishing attacks, CyberNews adds.
“This is not just a leak – it’s a blueprint for mass exploitation,” researchers said in their report.
“With over 16billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing.
“What’s especially concerning is the structure and recency of these datasets – these aren’t just old breaches being recycled. This is fresh, weaponizable intelligence at scale.”
CyberNews researcher Aras Nazarovas urged web users to change their passwords and to intall two-factor authorisation on all accounts.
“Some of the exposed datasets included information such as cookies and session tokens, which makes the mitigation of such exposure more difficult,” he said.
“These cookies can often be used to bypass 2FA methods, and not all services reset these cookies after changing the account password.
“Best bet in this case is to change your passwords, enable 2FA, if it is not yet enabled, closely monitor your accounts, and contact customer support if suspicious activity is detected.”
This is a breaking news story. Follow us on Google News, Flipboard, Apple News, Twitter, Facebook or visit The Mirror homepage.
