New York, Jun 21: Researchers at cybersecurity outlet Cybernews say that billions of login credentials have been leaked and compiled into datasets online, giving criminals “unprecedented access” to accounts consumers use each day.
According to a report published this week, Cybernews researchers have recently discovered 30 exposed datasets that each contain a vast amount of login information — amounting to a total of 16 billion compromised credentials. That includes user passwords for a range of popular platforms including Google, Facebook and Apple.
Sixteen billion is roughly double the amount of people on Earth today, signaling that impacted consumers may have had credentials for more than one account leaked. Cybernews notes that there are most certainly duplicates in the data and so “it’s impossible to tell how many people or accounts were actually exposed”.
It’s also important to note that the leaked login information doesn’t span from a single source, such as one breach targeting a company. Instead, it appears that the data was stolen through multiple events over time, and then compiled and briefly exposed publicly, which is when Cybernews reports that its researchers discovered it.
Various infostealers are most likely the culprit, Cybernews noted. Infostealers are a form of malicious software that breaches a victim’s device or systems to take sensitive information.
Many questions remain about these leaked credentials, including whose hands the login credentials are in now. But, as data breaches become more and more common in today’s world, experts continue to stress the importance of maintaining key “cyber hygiene”.
If you’re worried about your account data potentially being exposed in a recent breach, the first thing you can do is change your password — and avoid using the same or similar login credentials on multiple sites.
If you find it too hard to memorise all your different passwords, consider a password manager or passkey. And also add multifactor authentication, which can serve as a second layer of verification through your phone, email or USB authenticator key.(AP)
