In a recent discovery, cybersecurity experts at Cybernews have found that billions of login credentials have been leaked and are being compiled into datasets available online, granting cybercriminals “unprecedented access” to numerous consumer accounts used daily.
According to a report released this week, Cybernews researchers uncovered 30 datasets, each containing a vast number of login details, which together amount to approximately 16 billion compromised credentials. These credentials include user passwords for various popular platforms such as Google, Facebook, and Apple.
The staggering figure of 16 billion is nearly double the global population, suggesting that consumers may have had credentials for multiple accounts compromised. However, Cybernews acknowledges that there are likely duplicate entries within the data, making it challenging to determine the exact number of individuals or accounts affected.
Notably, the leaked login information does not originate from a single source or breach targeting one company. Instead, the data appears to have been extracted through a series of breaches over time and then compiled and momentarily made accessible to the public, which is when Cybernews’ team detected it.
The cybersecurity firm attributes the leaks predominantly to various forms of malware known as infostealers. Infostealers are a type of malicious software designed to infiltrate a victim’s device or systems, with the goal of extracting sensitive information.
While the fate of these leaked credentials remains uncertain, as data breaches become increasingly frequent in today’s digital landscape, experts continue to emphasize the necessity of practicing good “cyber hygiene.”
If there is a concern that your account information may have been compromised in a recent breach, a primary step is to change your password. Additionally, to avoid putting multiple accounts at risk, it’s crucial not to use identical or similar credentials across different platforms. For handling numerous passwords, a password manager or passkey can be beneficial. Implementing multifactor authentication also provides an extra layer of security, utilizing methods such as phone, email, or USB authenticator key verification.