Huge Data Breach Exposes 16 Billion Apple, Google, Facebook Passwords And More

It might be high time to rotate your least-changed passwords, if not all of them. The research team at Cybernews has been quietly tracking stolen credential datasets released this year, and the figures aren't good: a total of 16 billion records leaked (so far), including government accounts; Apple, Google, Facebook, and Telegram logins; and VPN credentials, among many other types of logins.

The team found 30 exposed, easily accessible datasets with stolen access information, ranging from tens of millions of records to a humongous one with 3.5 billion records, pertaining to a Portuguese-speaking population (Brazil, if we had to guess given the size). While the provenance of the contents and the relationship between them were sometimes ascertained, many of the datasets were completely unnamed. Additionally, while most of the information is apparently login-password sets, there's a collection of login tokens and cookies, potentially letting attackers skip some forms of 2FA altogether. The fact that there are government logins and VPN credentials potentially puts lives at risk, too.

Top 20 leaked datasets. Source: Cybernews

You might be wondering if these datasets are just remixes and remasters of old info, but Cybernews claims they're all freshly pressed collections. The site claims the sets were only exposed on the open internet for a short while, but that can be both a blessing and a curse: while only a few people took a look at them, the fact that they're now gone could prevent wider reporting, thus not letting as many users know their info could be compromised.

Even worse, new datasets of gigantic dimensions are reportedly popping up "every few weeks," illustrating the point that security professionals have been making for decades now, mostly to deaf ears: there are massive botnets and wide-ranging exploits doing the rounds at any given moment, and these attacks have become a constant threat rather than an occasional one. Cybernews poignantly states that even with a success rate of less than one percent, at this scale we're still talking about millions of accounts hacked. As always, we recommend running your email(s) through the website Have I Been Pwned, updating old login credentials, and updating software and firmware on your devices to make sure you're fully patched against known exploits and security holes.