Cybernews researchers have urged internet users to change their passwords and improve their digital security after claiming that 16 billion login records may be accessible to cybercriminals, as reported by The Guardian.
According to the researchers, the 30 datasets with credentials, reportedly harvested from malicious software known as “infostealers” and leaks, were “only briefly” exposed. However, since some of the data were overlapping, it’s hard to know exactly how many accounts or people were affected in the 16 billion exposed login records. Cybernews said the records followed a clear structure—URL, login details, and password.
They noted that the credentials could give access to platforms like Facebook, Apple, and Google, although there was no centralised data breach at those companies.
Bob Diachenko, the cybersecurity specialist behind the research, said the datasets were briefly available after being poorly stored on remote servers but were later taken down. He said he managed to download the files and plans to notify affected individuals and companies, though he noted the scale of the data makes it a slow process. Meanwhile, other experts believe much of the data may have already been circulating online and likely includes repeated entries.
An expert who asked not to be named said they were sceptical about the data, especially how much of it may just be repeated information. “It’s difficult to verify it without having the data,” he added.
Mr Diachenko said the logs he reviewed included login URLs linked to Apple, Facebook, and Google. While Meta and Apple have not yet commented, a Google spokesperson clarified the data did not come from a Google data breach and advised users to protect their accounts using tools like its password manager.
Peter Mackenzie, cybersecurity firm Sophos’ director of incident response and readiness, added that while the huge data exposed can be startling, it is important to note that the threat is not new. “This data will have already likely have been in circulation,” he said.
He also advised everyone to take proactive steps by updating their passwords, using a password manager, and turning on multifactor authentication to avoid credential issues in the future.
Meanwhile, Toby Lewis, cybersecurity firm Darktrace’s global head of threat analysis, said, “If you’re following good practice of using password managers, turning on two-factor authentication and checking suspicious logins, this isn’t something you should be greatly worried about.”
Cybernews said the datasets they found, made up of around 85% infostealers and 15% from past data breaches, had not been reported before, except for one revealed in May with 184 million records. The researchers described the exposed data as a “blueprint for mass exploitation”, warning of risks like identity theft, account takeovers, and targeted phishing attacks.
Cybernews said internet users can check if their email has been compromised by visiting haveibeenpwned.com. /TISG
Read also: APAC financial sector top target for volumetric DDoS attacks in 2024, report finds
Featured image by Depositphotos (for illustration purposes only)