Much of the data is believed to have been obtained through so-called “infostealers” –malicious software designed to infiltrate devices and extract sensitive information such as login credentials
A staggering 16 billion login credentials have been leaked and compiled into online datasets, giving cybercriminals “unprecedented access” to accounts used by consumers on a daily basis, according to cybersecurity outlet Cybernews.
In a report published this week, Cybernews researchers revealed they had discovered 30 separate datasets exposed online, collectively containing the compromised credentials. The trove includes login details for major platforms such as Google, Facebook, and Apple.
Given that the figure is roughly double the global population, the researchers explained that many users likely had credentials for multiple accounts leaked. However, Cybernews noted that due to duplicate entries within the data, it’s impossible to determine the exact number of individuals or accounts affected.
The leak is not the result of a single breach but appears to be the outcome of multiple cyberattacks over time. The stolen data was compiled and briefly made publicly accessible before Cybernews identified and reported it.
Much of the data is believed to have been obtained through so-called “infostealers” –malicious software designed to infiltrate devices and extract sensitive information such as login credentials.
The report comes amid a recent surge in sophisticated cyberattacks. Earlier this month, two major insurers, Erie Insurance and Philadelphia Insurance Companies, disclosed that their networks had been breached. Just last week, Aflac also confirmed a cyberattack that exposed personal information belonging to its customers.
Experts urge vigilance and cyber hygiene
With the source and current handlers of the leaked credentials still unknown, cybersecurity experts are urging the public to practice good “cyber hygiene” to protect their digital identities.
Among the top recommendations:
- Change your passwords, especially if you suspect they may have been compromised.
- Avoid reusing the same password across multiple sites.
- Use a password manager or passkey system to generate and store strong, unique passwords.
- Enable multifactor authentication (MFA) for added security — this can involve a secondary verification step via phone, email, or a physical security key.
Subscribe to our Newsletter
Disclaimer: Kindly avoid objectionable, derogatory, unlawful and lewd comments, while responding to reports. Such comments are punishable under cyber laws. Please keep away from personal attacks. The opinions expressed here are the personal opinions of readers and not that of Mathrubhumi.
