Latest news with #dataleak
Telegraph
2 days ago
- Politics
- Telegraph
We need full transparency about the Afghan data breach
What must rank among the worst security breaches in history has cost the taxpayer billions of pounds while risking the lives of thousands of Afghans who fought alongside the Armed Forces during the UK's military commitment to the country. The leak of the personal details of soldiers and other Afghans who helped Britain during a deployment lasting almost two decades has been known about for several years but kept under wraps by an unprecedented court superinjunction. It was lifted at noon on Tuesday and was followed up with a statement in the Commons by John Healey, the Defence Secretary, that left MPs incredulous. How could this possibly happen? It almost beggars belief, except that when it comes to keeping data under lock and key the British state has proved to be singularly incompetent over the years. A spectacular breach in 2007 involved the loss in the post of two CDs containing details of 25 million child benefit claimants. HMRC's handling of data was described as 'woefully inadequate' by an official inquiry and staff were described as 'muddling through'. The 2013 Snowden leaks detailed GCHQ's secret surveillance methods used against millions of internet users. Despite promises to introduce fail-safe protocols, these data breaches continue though none have been on this scale. This saga began in Feb 2022, when an unnamed 'defence official' sent an unauthorised email to a group of Afghans and accidentally included a spreadsheet containing the identities of 18,700 asylum applicants who had worked with the British Army. This error only came to light 18 months later when an anonymous Facebook user posted extracts of the data relating to nine individuals. They were deleted within three days after Whitehall officials contacted Meta, Facebook's owner. The database also included the details of British government officials, There already was a resettlement scheme for selected applicants called Arap – Afghan Relocations and Assistance Policy. But as a result of the leak the Government decided to offer asylum to those deemed to be at risk of reprisal attacks from the Taliban. A new secret, unified resettlement programme was established which so far has allowed 900 more applicants and their families with a similar number still in the pipeline. The cost will be around £800 million. But what is not clear is how many on the list were also accepted under ARAP and other schemes. Mr Healey said that to date 36,000 Afghans have been accepted for asylum at an expected cost of around £6 billion. He has now closed all schemes to new applicants, saving £1.5 billion, but will honour hundreds invitations still being processed. Many accept that the country owed an obligation to all Afghans who fought alongside or assisted the Armed Forces once the decision was taken to withdraw in 2021. But the costs of this have grown without any proper scrutiny either in parliament or the media. This has all been kept under wraps because the High Court in 2023 granted a super-injunction against newspapers and media organisations, including The Telegraph, which meant its very existence could not be reported and no inquiries made. This was based on a judgment that the Afghans on the list were at risk. But an internal review concluded there was little evidence of Taliban retribution against former soldiers and that they already had the information to target anyone they wanted. The review said that being on the spreadsheet was not necessarily perilous but could not be ruled out. Indeed, a number of former Afghan special forces personnel have been murdered by the Taliban since it regained power in Afghanistan in 2021 There are occasions where such super-injunctions may be deemed necessary; but in this instance it has meant even the Chancellor of the Exchequer and members of the Cabinet were kept in the dark. How can such great amounts of money be spent without recourse to parliament or without obviously appearing on the Treasury or Home Office books? The secrecy also meant even the Afghanis whose lives could be in danger were unaware of the risk because the Government feared that by telling them, this would increase the risk of the Taliban finding out. The Government was also fearful that thousands more not accepted for asylum would use the likely scandal as a reason to come to the UK. Court documents show that Whitehall officials suspected the breach might bring nearly 43,000 people to the UK. Officials said that a further 17,000 Afghans deemed eligible to come to Britain under a separate relocation scheme were found to have been affected by the breach. Of these, 14,000 are already in the country or are in transit, and 3,000 more are yet to travel. Moreover, there are people who should have qualified who have fled to neighbouring countries and are at risk of deportation. Mr Healey said it was four years since the Taliban returned to the government of Afghanistan and the passage of time meant the threat had subsided. But for many who worked to help Britain and remain in Afghanistan it will never go away. There are still many unanswered questions about this affair. Transparency, which has been woefully lacking as a result of the super-injunction, is now essential.
Yahoo
21-06-2025
- Yahoo
‘Passwords Data Breach' Trend Explained Amid Apple, Google & Facebook Leak
Wondering why 'password data breach' is trending online? The trend centers around a massive password leak as researchers reveal that over 16 billion login details have been exposed. Moreover, the stolen information reportedly includes usernames and passwords for popular services like Apple and Google. Without further ado, here are all the details we've gathered about the password leak that is dominating online search trends. The term 'password data breach' is trending widely online after cybersecurity researchers confirmed what is believed to be the largest collection of stolen login credentials in history. In a new discovery, 16 billion sets of credentials, including usernames and passwords, have been leaked online. The discovery was made by the research team at Cybernews, led by Vilius Petkauskas, who has been investigating this incident since early 2025. The leak appears to be the result of multiple infostealer malware attacks, malicious programs that secretly collect login data from infected devices. Petkauskas confirmed that his team had found 30 different data dumps, each containing tens of millions to billions of records. These exposed datasets are believed to be fresh and highly exploitable. Google, Facebook, GitHub, Telegram, and even government services can be impacted by this. Much of the data is organized in a basic format: website address, username, and password. This structure makes it especially easy for hackers to weaponize. Experts warn this isn't just a privacy concern, but a critical security threat. As Lawrence Pingree, a VP at Dispersive, noted, this kind of data is routinely circulated and sold on the dark web, often repackaged and redistributed. These credentials open the door to phishing schemes, identity theft, and account takeovers. (via Forbes) In response to the breach, Google has been promoting the use of passkeys as a safer alternative to traditional passwords, urging users to enhance their security practices. Meanwhile, the FBI continues to advise people against clicking on suspicious links sent via text message. Originally reported by Disheeta Maheshwari on The post 'Passwords Data Breach' Trend Explained Amid Apple, Google & Facebook Leak appeared first on Mandatory.
Yahoo
21-06-2025
- Yahoo
Billions of login credentials may have leaked. Here's how you can protect your accounts
A report that independent cybersecurity news outlet Cybernews published on Wednesday claimed 16 billion login credentials were exposed and compiled into datasets online, giving cybercriminals access to accounts on such online platforms as Google, Apple and Facebook. CBC News was unable to independently verify the report, but cybersecurity experts say the incident is yet another reminder for people to regularly change their passwords and not use the same one for multiple platforms. "About three or four times a year, take those passwords that are especially in the social platforms that you use, the places you like to go, and just change those passwords and keep them fresh," Enza Alexander, executive vice-president of ISA Cybersecurity in Toronto, said. "Don't reuse what you used before. Use [passwords] that have characters and numbers and that are very unique." Alexander acknowledged this can make them harder to remember, but cycling passwords on the different platforms you use makes it harder for cybercriminals to access your accounts and find indicators of your identity. Cybernews said that duplicate records are likely to be present in the datasets, meaning it's "impossible" to determine the exact number of people whose credentials might have been exposed in the leak. The leaked records don't appear to come from a centralized breach that targeted a specific company but rather a compilation of datasets containing login credentials that were gathered over time. Cybernews said in its report that various infostealers are likely behind it. Infostealers are a form of malicious software that breaches a victim's device or systems to take sensitive information. A Google spokesperson said in a statement to CBC News that the issue did not stem from a Google data breach. Bob Diachenko, a cybersecurity researcher and Cybernews contributor who was involved in reporting the leak, posted on social media platform X noting that there was no single source of the leak. "What this number reflects is the size of different infostealers logs exposed publicly since the beginning of this year alone," Diachenko said in the post, adding that the leak signifies the large scale of "infostealers infections" today. Many questions remain about these leaked credentials, including whose hands the login credentials are in now. But as data breaches become increasingly common in today's world, experts continue to stress the importance of maintaining key "cyber hygiene." How can you protect your credentials? Alexander said that "it's difficult to understand what is accurate and what is not" about the leak, but noted that it's important for people to change their passwords if they're worried they might be affected. She also recommended that people look at different security offerings that platforms may offer, such as logging in using a passkey rather than a password. Some online services, like Google and Apple, allow users to sign in using a passkey as an alternative to using a password. This lets users sign into their accounts with a facial recognition scan, their fingerprint or a pin. In its statement, Google encouraged users to use passwordless authentication methods such as passkeys, which the company said are more secure. It also suggested using tools like Google Password Manager, which will store passwords and notify users if any of their passwords have been involved in a data breach so they can take action. "It's really important that people see if they've been affected but not overreact to the situation," Alexander said. Error while retrieving data Sign in to access your portfolio Error while retrieving data Error while retrieving data Error while retrieving data Error while retrieving data
CBC
21-06-2025
- CBC
Billions of login credentials may have leaked. Here's how you can protect your accounts
A report that independent cybersecurity news outlet Cybernews published on Wednesday claimed 16 billion login credentials were exposed and compiled into datasets online, giving cybercriminals access to accounts on such online platforms as Google, Apple and Facebook. CBC News was unable to independently verify the report, but cybersecurity experts say the incident is yet another reminder for people to regularly change their passwords and not use the same one for multiple platforms. "About three or four times a year, take those passwords that are especially in the social platforms that you use, the places you like to go, and just change those passwords and keep them fresh," Enza Alexander, executive vice-president of ISA Cybersecurity in Toronto, said. "Don't reuse what you used before. Use [passwords] that have characters and numbers and that are very unique." Alexander acknowledged this can make them harder to remember, but cycling passwords on the different platforms you use makes it harder for cybercriminals to access your accounts and find indicators of your identity. Cybernews said that duplicate records are likely to be present in the datasets, meaning it's "impossible" to determine the exact number of people whose credentials might have been exposed in the leak. The leaked records don't appear to come from a centralized breach that targeted a specific company but rather a compilation of datasets containing login credentials that were gathered over time. Cybernews said in its report that various infostealers are likely behind it. Infostealers are a form of malicious software that breaches a victim's device or systems to take sensitive information. A Google spokesperson said in a statement to CBC News that the issue did not stem from a Google data breach. Bob Diachenko, a cybersecurity researcher and Cybernews contributor who was involved in reporting the leak, posted on social media platform X noting that there was no single source of the leak. "What this number reflects is the size of different infostealers logs exposed publicly since the beginning of this year alone," Diachenko said in the post, adding that the leak signifies the large scale of "infostealers infections" today. Many questions remain about these leaked credentials, including whose hands the login credentials are in now. But as data breaches become increasingly common in today's world, experts continue to stress the importance of maintaining key "cyber hygiene." How can you protect your credentials? Alexander said that "it's difficult to understand what is accurate and what is not" about the leak, but noted that it's important for people to change their passwords if they're worried they might be affected. She also recommended that people look at different security offerings that platforms may offer, such as logging in using a passkey rather than a password. Some online services, like Google and Apple, allow users to sign in using a passkey as an alternative to using a password. This lets users sign into their accounts with a facial recognition scan, their fingerprint or a pin. In its statement, Google encouraged users to use passwordless authentication methods such as passkeys, which the company said are more secure. It also suggested using tools like Google Password Manager, which will store passwords and notify users if any of their passwords have been involved in a data breach so they can take action.
Yahoo
21-06-2025
- Yahoo
Billions of login credentials may have leaked. Here's how you can protect your accounts
A report that independent cybersecurity news outlet Cybernews published on Wednesday claimed 16 billion login credentials were exposed and compiled into datasets online, giving cybercriminals access to accounts on such online platforms as Google, Apple and Facebook. CBC News was unable to independently verify the report, but cybersecurity experts say the incident is yet another reminder for people to regularly change their passwords and not use the same one for multiple platforms. "About three or four times a year, take those passwords that are especially in the social platforms that you use, the places you like to go, and just change those passwords and keep them fresh," Enza Alexander, executive vice-president of ISA Cybersecurity in Toronto, said. "Don't reuse what you used before. Use [passwords] that have characters and numbers and that are very unique." Alexander acknowledged this can make them harder to remember, but cycling passwords on the different platforms you use makes it harder for cybercriminals to access your accounts and find indicators of your identity. Cybernews said that duplicate records are likely to be present in the datasets, meaning it's "impossible" to determine the exact number of people whose credentials might have been exposed in the leak. The leaked records don't appear to come from a centralized breach that targeted a specific company but rather a compilation of datasets containing login credentials that were gathered over time. Cybernews said in its report that various infostealers are likely behind it. Infostealers are a form of malicious software that breaches a victim's device or systems to take sensitive information. A Google spokesperson said in a statement to CBC News that the issue did not stem from a Google data breach. Bob Diachenko, a cybersecurity researcher and Cybernews contributor who was involved in reporting the leak, posted on social media platform X noting that there was no single source of the leak. "What this number reflects is the size of different infostealers logs exposed publicly since the beginning of this year alone," Diachenko said in the post, adding that the leak signifies the large scale of "infostealers infections" today. Many questions remain about these leaked credentials, including whose hands the login credentials are in now. But as data breaches become increasingly common in today's world, experts continue to stress the importance of maintaining key "cyber hygiene." How can you protect your credentials? Alexander said that "it's difficult to understand what is accurate and what is not" about the leak, but noted that it's important for people to change their passwords if they're worried they might be affected. She also recommended that people look at different security offerings that platforms may offer, such as logging in using a passkey rather than a password. Some online services, like Google and Apple, allow users to sign in using a passkey as an alternative to using a password. This lets users sign into their accounts with a facial recognition scan, their fingerprint or a pin. In its statement, Google encouraged users to use passwordless authentication methods such as passkeys, which the company said are more secure. It also suggested using tools like Google Password Manager, which will store passwords and notify users if any of their passwords have been involved in a data breach so they can take action. "It's really important that people see if they've been affected but not overreact to the situation," Alexander said.
