More than 16 billion login credentials have been leaked, researchers said this week, in what they believe to be one of the largest data breaches ever.
According to researchers at Cybernews, who announced the alarming number this week as part of an ongoing investigation that began at the start of the year, the information in the exposed datasets “opens the doors to pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services.”
[time-brightcove not-tgx=”true”]
“This is not just a leak—it’s a blueprint for mass exploitation,” researchers said. “With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing.”
Here’s what to know about the leak, and what experts are advising people to do to protect their personal information.
How do I know if I was affected?
Researchers said “it’s impossible to tell how many people or accounts were actually exposed.”
They cautioned that some reports claiming that Facebook, Google, and Apple accounts were leaked are a little misleading. Bob Diachenko, one of the researchers, told Cybernews that “there was no centralized data breach at any of these companies.” But he added that some of the credentials that were leaked contained login URLs to those sites, opening access to accounts there.
Newsweek reported that, because it hasn’t been confirmed at this time where most of the leaked datasets originally came from, it’s hard to determine whose passwords were impacted.
Should I change my password?
Cybernews advised people to change their passwords as a precaution, and also recommended that people change them regularly to protect themselves against possible future leaks.
The question of how often users should change their passwords is somewhat divisive among cybersecurity experts. Some advise that they should regularly be changed every few months, while others recommend against changing your password unless you think it’s been affected by a data breach.
How do I make a stronger password?
The Cybersecurity & Infrastructure Security Agency offers people a few tips to strengthen their passwords: using at least 16 characters; making them random strings of mixed-case letters, numbers, and symbols; and making them unique to each account.
Some technology experts have recommended using passkeys rather than passwords because they’re more secure.
Cybernews also suggests that users enable multi-factor authentication whenever it’s available, since that makes logging into your account more secure. People should also closely monitor their accounts and, if they notice any suspicious or unusual activity, contact customer support, Cybernews said.