The leak exposed 16 billion login credentials and passwords, prompting both Google and Apple to tell billions of users to change their passwords and the FBI to warn Americans against opening suspicious links in SMS messages, according to a report published Thursday in Forbes.
Researchers at Cybernews, who have been investigating the leak, found “30 exposed datasets containing from tens of millions to over 3.5 billion records each.”
All but one of these datasets had not previously been reported as exposed, so the affected data is considered new.
“This is not just a leak – it’s a blueprint for mass exploitation,” the researchers said. And they are right. These credentials are ground zero for phishing attacks and account takeover. “These aren’t just old breaches being recycled,” they warned, “this is fresh, weaponizable intelligence at scale.”
Most of that intelligence was in the format of a URL, followed by logins and passwords. That information then allowed access to “pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services.”
While the exposure is worrisome, the researchers found that the datasets were exposed only very briefly: long enough for them to be discovered, but not long enough for researchers to figure out who was controlling the data.
Researchers have determined the leak is the work of multiple infostealers, but it’s impossible to tell how many people or accounts were exposed, according to Cybernews.
The experts urge people to invest in password management solutions, not to share their passwords, and to stay alert in the event their passwords are compromised.
The data appears to contain URLs, usernames and passwords. However, with the huge amount of data that’s been exposed, there’s no way to tell how many accounts are under threat.
The best way to keep your account secure is to enable two-factor authentication.
This stops information thieves from easily accessing your online accounts, as a second form of authentication through an app, phone, or passcode will need to be approved by you.
If you’re notified that your personal information was exposed in a data breach, you should change your passwords, add a fraud alert to your credit reports and consider placing a security freeze on your credit reports.
We can check to see if your email is in the clear or not. Antivirus vendors also provide this service in their more expensive packages. If you are at risk, immediately change your password, delete unused accounts and use two-factor authentication.
I checked my personal email and found it has been exposed 5 times from 5 breaches, including one exposed password.
We recommend that you invest in dark web monitoring and password management solutions, and that you secure your accounts by enabling two-factor authentication. Refrain from sharing your passwords and remain vigilant in case your passwords are compromised.
Please contact us if you need any advice or support.