A data breach reportedly resulted in the leak of 16 billion records containing passwords from major sites such as Apple, Google and Facebook.
But how worried should you be, and what can you do to protect yourself?
Was this a new data breach?
The leak has been reported as a new data breach, but this wasn't a new case of websites being compromised.
Instead, it appears to be a case in which previously stolen information was packaged into a database and sold.
According to Cybernews, only one of the exposed datasets had previously been reported. Researchers also claim that datasets like these emerge every few weeks, a sign of how prevalent it is for sensitive information to be compromised.
According to a report published this week, Cybernews researchers recently discovered 30 exposed datasets that each contain a vast amount of login information — amounting to a total of 16 billion compromised credentials.Â
The 16 billion records count covers datasets researchers have uncovered since the start of the year. That's about two passwords for every person on the planet, numbers-wise.
Many of the datasets were only exposed briefly, long enough for researchers to find them, but not long enough to discover who was behind the data.
What's in the records?
There is no way to compare data between different data sets easily, but many of the records are likely duplicates, making it hard to determine how many people or accounts were exposed.
It's also important to note that the leaked login information doesn't span from a single source, such as one breach targeting a company. Instead, it appears that the data was stolen through multiple events over time, and then compiled and briefly exposed publicly, which is when Cybernews reports that its researchers discovered it.
Most of the information appeared to include a URL, login details and a password, including services from Apple, Facebook, Google, Telegram and GitHub, along with government services.
The information could be used for phishing campaigns, taking over accounts, ransomware attacks and attacks that compromise business emails.
How big is the risk?
It's unclear who owns the data, but it's likely to include datasets owned by cybercriminals who use large datasets to scale up attacks.
With so many records, even a tiny success rate can lead to millions of individuals falling prey to scams that get them to reveal more sensitive information, such as financial account information.
What can you do to protect yourself?
Because these are compiled data sets, it's difficult to determine if your data was included or what sites may have been compromised.
However, you can still take general security precautions to protect yourself, including using a password manager to generate strong passwords and updating passwords on a regular basis.
You should also use multifactor authentication as much as possible and monitor your accounts for suspicious activity.
If you receive texts or calls purporting to be from a bank or company, do not disclose sensitive information. Instead, hang up and call back using the organization's customer service department.
The Associated Press contributed to this report.
Source link
