
Sixteen billion passwords to social media accounts were leaked in what has been described as one of the largest ever data breaches, it’s reported.
The global breach exposed login credentials and passwords to Apple, Facebook, Google and other social media accounts as well as government services, according to a report published by Forbes.
Google has urged its billions of users to update their passwords, while the FBI is warning people to be careful before clicking on links in SMS messages.
Researchers at Cybernews, which has been investigating the leak, said they found ‘30 exposed datasets containing from tens of millions to over 3.5 billion records each.’
They said only one of them had previously been reported as being exposed.
The team warned: ‘This is not just a leak – it’s a blueprint for mass exploitation.
‘With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing.’
They continued: ‘These aren’t just old breaches being recycled, this is fresh, weaponisable intelligence at scale.’
Cybernews called it ‘one of the largest data breaches in history’.
It’s thought the breach comes from various sources, including credential stuffing lists, stealer malware, and repackaged past leaks.
According to the researchers, the datasets were only exposed very briefly: long enough for the team to find them, but not long enough to find out who was controlling the data.
Chris Linnell, associate director of data privacy at cyber security firm Bridewell, described the breach as ‘serious’ as it potentially gave attackers access to multiple services.
He added that under data protection laws, such as the UK GDPR, individuals usually have the right to be informed about breaches that pose a high risk to their rights and freedoms.
They should also be told what steps are being taken to mitigate the impact.
‘However, because the source of this breach is currently unknown, it may be difficult for affected individuals to receive specific guidance or seek direct recourse.
‘In the meantime, the most effective course of action is to focus on preventing any further impact through proactive security measures.’
What to do if you’re worried your data has been exposed
Mr Linnell advised anyone concerned they might have been impacted by the breach to check their devices for malware using reputable antivirus or anti-malware software.
‘Run a full system scan and follow the software’s guidance to quarantine or remove any threats,’ he said.
‘Ensure your operating system and applications are up to date, as software updates often include critical security patches. If malware is detected, consider resetting your device to factory settings after backing up essential data, and reinstalling only trusted applications.’
Chris said it’s vital to use strong, unique passwords for each of your online accounts.
‘Avoid reusing passwords across services, as a breach in one can compromise others. A password manager can help generate and securely store complex passwords, reducing the risk of human error,’ he explained.
‘Additionally, enable multi-factor authentication (MFA) wherever possible – this adds an extra layer of protection even if your password is compromised.’
He also urged people to look out for signs of fraud.
‘Use dark web monitoring tools to check if your credentials have been exposed and monitor your bank and credit card statements regularly for unauthorised transactions.
‘Staying proactive can help mitigate the impact of a breach particularly when potential fraud is involved.’