A report that independent cybersecurity news outlet Cybernews published on Wednesday claimed 16 billion login credentials were exposed and compiled into datasets online, giving cybercriminals access to accounts on such online platforms as Google, Apple and Facebook.
CBC News was unable to independently verify the report, but cybersecurity experts say the incident is yet another reminder for people to regularly change their passwords and not use the same one for multiple platforms.
“About three or four times a year, take those passwords that are especially in the social platforms that you use, the places you like to go, and just change those passwords and keep them fresh,” Enza Alexander, executive vice-president of ISA Cybersecurity in Toronto, said.
“Don’t reuse what you used before. Use [passwords] that have characters and numbers and that are very unique.”
Alexander acknowledged this can make them harder to remember, but cycling passwords on the different platforms you use makes it harder for cybercriminals to access your accounts and find indicators of your identity.
Cybernews said that duplicate records are likely to be present in the datasets, meaning it’s “impossible” to determine the exact number of people whose credentials might have been exposed in the leak.
The leaked records don’t appear to come from a centralized breach that targeted a specific company but rather a compilation of datasets containing login credentials that were gathered over time.
Cybernews said in its report that various infostealers are likely behind it. Infostealers are a form of malicious software that breaches a victim’s device or systems to take sensitive information.
A Google spokesperson said in a statement to CBC News that the issue did not stem from a Google data breach.
Bob Diachenko, a cybersecurity researcher and Cybernews contributor who was involved in reporting the leak, posted on social media platform X noting that there was no single source of the leak.
“What this number reflects is the size of different infostealers logs exposed publicly since the beginning of this year alone,” Diachenko said in the post, adding that the leak signifies the large scale of “infostealers infections” today.
Many questions remain about these leaked credentials, including whose hands the login credentials are in now. But as data breaches become increasingly common in today’s world, experts continue to stress the importance of maintaining key “cyber hygiene.”
