Hacked credentials could give cybercriminals access to Facebook, Meta, and Google accounts, among others.
Internet users should change their passwords after 16 billion logins were exposed
Hacked credentials could give cybercriminals access to Facebook, Meta, and Google accounts, among others
What to do if your email account gets stolen – and how to prevent it from happening again
Internet users have been urged to change their passwords and improve their digital security after researchers revealed the scale of sensitive information – 16 billion login details – potentially available to cybercriminals.
Researchers at Cybernews, an online technology publication, said they found 30 data sets filled with login credentials collected by malicious software known as "infostealers" and leakers.
The researchers said the data sets were exposed "only briefly," but included 16 billion logins with an unspecified number of overlapping records, making it difficult to say for sure how many accounts or individuals were exposed.
According to Cybernews, the credentials could provide access to services such as Facebook, Apple, and Google, although there was no "centralized data breach" at those companies.
Bob Diachenko, the Ukrainian cybersecurity specialist behind the investigation, said the data was temporarily made available after being poorly stored on remote servers before being removed. Diachenko said he was able to download the files and would try to contact the affected individuals and companies.
"It will definitely take some time, as it is a large amount of data," he said.
However, other cybersecurity experts suggested that the data was likely already in circulation and contained multiple iterations.
One expert, speaking on condition of anonymity, said: "We are skeptical about the data, especially about the repetition of the same information. It is difficult to verify without the data."
Diachenko said the information he saw in the hackers' logs included login URLs to Apple, Facebook and Google login pages. Apple and Facebook's parent company, Meta, were contacted for comment.
A Google spokesperson said the data reported by Cybernews did not come from a Google data breach and recommended users use tools like Google Password Manager to protect their accounts.
Internet users can also check if their emails have been compromised in a data breach on the website haveibeenpwned.com. According to Cybernews, the information seen in the data sets followed a “clear structure: URL, followed by login credentials and a password.”
Diachenko said 85% of the data came from information thieves and about 15% from previous data breaches, such as a LinkedIn data leak.
According to experts, the study highlights the need to regularly update passwords and implement strong security measures, such as multi-factor authentication – or combining a password with another form of verification, such as a code sent via SMS from a phone. Other recommended measures include Passkeys, a password-less method supported by Meta, owned by Google and Facebook.
“While there is justified alarm about the sheer amount of data exposed by this leak, it is important to note that this is not a new threat: This data has likely been circulating before,” says Peter Mackenzie, Director of Incident Response and Preparedness at cybersecurity firm Sophos.
Mackenzie says the research highlights the scale of data that online criminals can access.
"What we understand is the depth of information available to cybercriminals."
He added: “It’s an important reminder for everyone to take proactive steps to update passwords, use a password manager, and employ multi-factor authentication to avoid future credential issues.”
Toby Lewis, global head of threat analysis at cybersecurity firm Darktrace, said the data uncovered in the investigation was difficult to verify, but Infostealers – the malware suspected of being behind the data breach – is “very real and being used by bad actors”.
He said: "They don't log into a user's account, but they do collect information from cookies and browser metadata. If you follow good practices like using password managers, enabling two-factor authentication, and reviewing suspicious logins, you shouldn't have much to worry about."
Cybernews said none of the data sets had been previously reported, except for one discovered in May that contained 184 million records. Cybernews called the data sets a “blueprint for mass abuse,” including “account takeover, identity theft, and targeted phishing.”
The researchers added: "The only positive side is that all the data was only exposed for a short time: long enough for researchers to discover it, but not long enough to understand who controls the vast amounts of data."
Alan Woodward, professor of cybersecurity at the University of Surrey, said the news was a reminder to do some “password spring cleaning.” He added: “The fact that everything seems to be breached at some point is why there is such a big push for zero-trust security measures.”/The Guardian
edition
t7 live
