ActNow! 16 Billion Google, Apple, Facebook And Other Passwords Leaked

[thumbtak]

ActNow! 16 Billion Google, Apple, Facebook And Other Passwords Leaked

If you thought that the May 23 report, confirming the leak of login data totaling an astonishing 184 million compromised credentials, was frightening, I hope you are sitting down now. Researchers have just confirmed what is also certainly the largest data breach ever, with an almost incredulous 16 billion login credentials, including passwords, exposed. As part of an ongoing investigation that started at the beginning of the year, the researchers have postulated that the massive password leak is the work of multiple infostealers. Here’s what you need to know and do.

Is This The GOAT When It Comes To Passwords Leaking?

Password compromise is no joke; it leads to account compromise and that leads to, well, the compromise of most everything you hold dear in this technological-centric world we live in. It’s why Google is telling billions of users to replace their passwords with much secure passkeys. It’s why the FBI is warning people not to click on links in SMS messages. It’s why stolen passwords are up for sale, in their millions, on the dark web to anyone with the very little amount of cash required to purchase them. And it’s why this latest revelation is, frankly, so darn concerning for everyone.

According to Vilius Petkauskas at Cybernews, whose researchers have been investigating the leakage since the start of the year, “30 exposed datasets containing from tens of millions to over 3.5 billion records each,” have been discovered. In total, Petkauskas has confirmed, the number of compromised records has now hit 16 billion. Let that sink in for a bit. These collections of login credentials, these databases stuffed full of compromised passwords, comprise what is thought to be the largest such leak in history.

The 16 billion strong leak, housed in a number ion supermassive datasets, includes billions of login credentials from social media, VPNs, developer portals and user accounts for all the major vendors. Remarkably, I am told that none of these datasets have been reported as leaked previously, this is all new data. Well, almost none: the 184 million password database I mentioned at the start of the article is the only exception.

“This is not just a leak – it’s a blueprint for mass exploitation,” the researchers said. And they are right. These credentials are ground zero for phishing attacks and account takeover. “These aren’t just old breaches being recycled,” they warned, “this is fresh, weaponizable intelligence at scale.”

Most of that intelligence was structured in the format of a URL, followed by login details and a password. The information contained, the researchers stated, open the door to “pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services.”

Ultimately, this reinforces that cybersecurity is not just a technical challenge but a shared responsibility. “Organisations need to do their part in protecting users,” Javvad Malik, lead security awareness advocate at KnowBe4, said, “and people need to remain vigilant and mindful of any attempts to steal login credentials. Choose strong and unique passwords, and implement multi factor authentication wherever possible.”

To which I would add: change your account passwords, use a password manager and switch to passkeys wherever possible. Now is the time to take this seriously, don’t wait until your passwords show up in these ongoing leak datasets – get on top of your password security right now.

Quoted:

https://alienskills.com/contents/ActNow16BillionGoogl_1750284334294.html

[thumbtak]

Protecting Yourself from Password Leaks

1. Check if your information has been compromised:

• Have I Been Pwned? This website (haveibeenpwned.com) is a reliable resource. You can enter your email address to see if it has appeared in any known data breaches. It’s a good first step to assess your risk.
• Password Manager Alerts: Many password managers (like LastPass, 1Password, Bitwarden) have built-in features that notify you if any of your stored passwords have been found in data breaches.
• Browser-based checks: Some browsers, like Google Chrome and Firefox, can also check your saved passwords against known breaches.

2. Immediate Action if Compromised:

• Change Passwords IMMEDIATELY:
  • Change the password for any account that was explicitly mentioned in the breach or any account that used the same (or very similar) password as one found in a leak.
  • Do not reuse passwords! This is the most crucial rule. If you use the same password for multiple accounts and one gets leaked, all those accounts are at risk.
  • Create strong, unique passwords for every single online account. Aim for at least 12-16 characters, using a mix of uppercase and lowercase letters, numbers, and symbols.
• Enable Two-Factor Authentication (2FA) / Multi-Factor Authentication (MFA): This adds an extra layer of security. Even if someone has your password, they won’t be able to log in without the second factor (e.g., a code sent to your phone, a fingerprint scan, or an authenticator app). Enable this on all your accounts, especially email, banking, and social media. Avoid SMS-based 2FA if possible, as it can be vulnerable to SIM swapping attacks. App-based authenticators or hardware keys are generally more secure.
• Monitor Financial Accounts and Credit Reports:
  • Keep a close eye on your bank statements and credit card activity for any suspicious transactions.
  • Get free credit reports from the three major credit bureaus (Experian, Equifax, TransUnion) at AnnualCreditReport.com. Check them regularly for any accounts opened in your name that you don’t recognize.
  • Consider placing a fraud alert or a credit freeze on your credit reports. A credit freeze is the strongest measure, as it prevents new credit from being opened in your name without your authorization.

3. Ongoing Protection:

• Use a Password Manager: This is highly recommended. Password managers securely store all your unique, strong passwords, generate new ones, and can often alert you to breaches.
• Be Wary of Phishing and Scams: After a data breach, attackers often use the leaked information to create more convincing phishing emails or social engineering attempts. Be extremely cautious about clicking on links or providing personal information in emails or messages, even if they seem to be from a legitimate company. Always go directly to the official website if you need to log in or verify information.
• Update Software Regularly: Keep your operating system, web browsers, antivirus software, and all other applications updated. Software updates often include security patches that fix vulnerabilities.
• Review Privacy Settings: Periodically review the privacy settings on your social media and other online accounts to limit what information is publicly visible.

[thumbtak]

[Author]

Posts