A massive breach has resulted in the leak of billions of passwords, which experts have described as ‘weaponizable intelligence’.
Data breaches have plagued numerous platforms over the years, often resulting in the loss of passwords, account control, and financial information.
This latest breach may be the most significant on record. Cybernews researchers have reported that 16 billion passwords associated with accounts from big names like Apple, Facebook, and Google, as well as government services, have been exposed.
The compromised login credentials and passwords are a cause for concern. Following this, Google urged its users to change their passwords to prevent potential hacking incidents.
Previously, the FBI had issued a warning to Americans about clicking on suspicious SMS links, as reported by Forbes, which could be phishing scams aimed at stealing sensitive device information.
The Cybernews team highlighted that they discovered ’30 exposed datasets containing from tens of millions to over 3.5 billion records each’. Notably, one of these datasets had not been previously reported as compromised.
The breach includes newly exposed data, raising alarms.
Researchers stressed: “This is not just a leak – it’s a blueprint for mass exploitation.
“These aren’t just old breaches being recycled. This is fresh, weaponizable intelligence at scale.”
Most of the leaked information consists of URLs, along with users’ login and password details, enabling hackers to infiltrate ‘pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services’.
Unfortunately, the datasets were accessible only ‘briefly’, making it difficult for researchers to pinpoint who controlled the data.
They discovered multiple actors involved in the leak but couldn’t confirm the exact number of people or accounts affected by cybercriminals.
Users are advised to take precautionary measures, including investing in protective software and refraining from sharing passwords. This breach poses a significant threat to those with sensitive data linked to their logins.
With millions of stolen passwords now available for purchase on the dark web, Google recommends that users adopt secure passkeys to safeguard their accounts and data.
Darren Guccione, CEO and co-founder of Keeper Security, stated to Forbes that the password leak highlights ‘just how easy it is for sensitive data to be unintentionally exposed online’.
He noted: “The fact that the credentials in question are of high value for widely used services carries with it far-reaching implications.”
Cybernews researcher Aras Nazarovas pointed out that the way infostealers accessed such a vast amount of data marks a new phase in cyber crime evolution.
“The increased number of exposed infostealer datasets in the form of centralized, traditional databases, like the ones found by the Cybernews research team, may be a sign that cybercriminals are actively shifting from previously popular alternatives such as Telegram groups, which were previously the go-to place for obtaining data collected by infostealer malware,” Nazarovas explained.
He recommends that users enable two-factor authentication on their platforms and update their passwords in case their data has been compromised.