It was a hack attack of epic proportions.
Fresh off last month’s massive password hack, there’s been another major dataset exposure. A staggering 16 billion passwords have been leaked across multiple platforms in what techsperts are calling the largest data breach in history.
Cybernews researcher Vilius Petkauskas, whose team has been investigating the online theft since the beginning of the year, told Forbes that the breach comprised “30 exposed datasets containing from tens of millions to over 3.5 billion records each.”
The compromised info potentially affected millions of users and included logins to social media, VPNs and user accounts for tech giants including Apple, Facebook and Google.
Researchers claim that the ill-gotten intel — which generally featured a URL, followed by login credentials and a password — could potentially grant cybercriminals access to “pretty much any online service imaginable.”
That includes everything from the previously mentioned social-media platforms to “GitHub, Telegram and various government services,” they said.
According to Lawrence Pingree, a vice president at the security firm Dispersive, bad actors accumulate compendia of stolen credentials on the “dark web,” offering thieves the chance to purchase the pilfered info and use it for identity theft, fraud and blackmail.
To make matters worse, these aren’t just “old breaches being recycled” but rather “fresh, weaponizable intelligence at scale,” researchers warned.
“This is not just a leak – it’s a blueprint for mass exploitation,” they declared.
George McGregor, vice president of mobile app security platform Approov vice president said this massive dataset exposure could result in “a cascade of potential cyberattacks and significant harm to individuals and organizations.”
The mega-breach is particularly concerning as not all the passwords were procured via infostealing software used to breach cybersecurity systems, but rather carelessness on the users’ part.
Darren Guccione, the CEO and co-founder of access management site Keeper Security, told Forbes that the leak illustrates “just how easy it is for sensitive data to be unintentionally exposed online.”
In fact, myriad unprotected credentials could be sitting on the cloud like sitting ducks, just waiting for scammers to swoop them up, the publication reported.
That’s why is essential for both companies and individuals alike to safeguard their login software.
Guccione recommends that consumers invest in password management solutions and dark web monitoring tools — which alert users when their info has been leaked — while companies should adopt ironclad security systems that “limit risk by ensuring access to sensitive systems is always authenticated, authorized and logged.”
“Organizations need to do their part in protecting users,” said Javvad Malik, head security awareness advocate at KnowBe4, “and people need to remain vigilant and mindful of any attempts to steal login credentials. Choose strong and unique passwords, and implement multi-factor authentication wherever possible.”
Former NSA cybersecurity expert Evan Dornbush warned users against employing “the same password at multiple sites.”
“If an attacker steals a password from one database and the individual has reused it elsewhere, then the attacker can gain access to those accounts as well,” he said.
The latest breach comes after another major incident last month that saw up to 184 million passwords potentially exposed in what experts are calling a “cybercriminal’s dream.”
The leak reportedly impacted everything from Apple and Google usernames and passwords and social media logins to bank accounts.
