Latest news with #passwordLeak


Khaleej Times
26-06-2025
Cybersecurity focus: Strong passwords key to privacy and data protection
Cybersecurity measures are essential for ensuring privacy and data protection in today's digital landscape, and web users, businesses and corporate entities should opt for strong and unique passwords combined with multi-factor authentication (MFA) to add layers of security to their personal and official email accounts, experts say.

Executives, analysts and cybersecurity specialists said key strategies must include implementing strong encryption to safeguard sensitive information, using MFA to enhance access security, and conducting regular security audits to identify vulnerabilities.

While referring to recent reports of a "16 billion password leak" that have sparked widespread concern, experts said businesses and commercial organisations should also educate employees on phishing and social engineering threats, promoting a culture of cybersecurity awareness.

'Utilising firewalls and antivirus software helps defend against malware and unauthorised access while regular software updates and patch management are crucial to address vulnerabilities,' according to cybersecurity specialists.

Go for Strong Password

Ezzeldin Hussein, Regional Senior Director, Solution Engineering, META, SentinelOne, said a strong password is the subscriber's first barrier—don't let it be the weakest link.

'While this recent leak aggregates old data, the danger remains current. Cybercriminals don't need new breaches when billions of credentials are still valid and reused. These massive compilations fuel phishing campaigns, credential stuffing, and identity-based attacks at scale,' Hussein told BTR.

"Passwords remain the first line of defence in cybersecurity, yet weak or reused credentials continue to be the leading cause of breaches worldwide. As cyber threats grow more advanced, relying on simple passwords is no longer enough — strong authentication practices are essential to safeguarding both personal and enterprise data."

"A password is more than just a key — it's the gateway to your digital identity. Strengthen it, protect it, and complement it with multi-factor authentication. Let this be a reminder — not just on World Password Day, but every day — that cyber hygiene begins with small but critical habits: changing default passwords, avoiding reuse, using password managers, and staying alert to phishing threats."

"Ultimately, the path forward is clear: we must shift toward passwordless authentication through biometrics, passkeys, and zero-trust identity models. A secure password is the first step toward a more resilient digital future. It's not just a personal responsibility; it's a shared mission across users, enterprises, and technology providers."

Leading media outlets and publications have spent the past few days hyperventilating over reports of a colossal data breach that exposed more than 16 billion credentials. This is considered one of the largest data breaches in history and the records are scattered across 30 different databases including some of the global tech giants such as Apple, Facebook, Google, GitHub, Telegram, and even government platforms.

'Cybercriminals now have unprecedented access to personal credentials and could exploit them for account takeovers, identity theft, and targeted phishing attacks,' according to the report.

In response to the breach, Google has urged billions of users to switch from traditional passwords to more secure passkeys, while cybersecurity experts warned about suspicious SMS links, which could be part of widespread phishing campaigns tied to the stolen data.

Verify Links, Info First

Rob T. Lee, Chief of Research at SANS Institute, advised web users, businesses and corporate entities to verify links and information before taking any action.

'After consulting multiple trusted CTI contacts, we've found no evidence of a fresh 16 billion-record password dump — no raw files or verified feeds have surfaced. This claim follows Forbes' May 17 article on '19 billion stolen passwords,' which similarly lacked source attribution and clarity on whether these figures overlap.'

He said the report's cited password-manager vendor, Keeper Security, isn't named as the origin of the data and makes no reference to any breach on its own website.

'Independent of the exact breach size, enabling multi-factor authentication blocks over 90% of account-takeover attempts. Our recommendation to all organizations and end users is simple: verify before you panic and implement 2FA today.'

Update Passwords Regularly

Peter Mackenzie, Director of Incident Response and Readiness, Sophos, said it is an important reminder to everyone to take proactive steps to update passwords, use a password manager and employ multi-factor authentication to avoid credential issues in the future.

'While you'd be right to be startled at the huge volume of data exposed in this leak, it's important to note that there is no new threat here, this data will likely already have been in circulation. These data sets are an amalgamation of information. What we are understanding is the depth of information available to cyber criminals. If you are concerned about your data being involved then using a service like can help you to check.'

Bernard Montel, Technical Director and Security Strategist - EMEA, Tenable, said a data breach is a serious matter and everyone should protect their privacy through effective cybersecurity measures.

'Firstly, this is not a new data breach. It's the result of threat actors' use of infostealer malware that has silently scraped usernames and passwords during breaches. This data has been bundled, traded, and resurfaced across underground forums. That said, it's no less concerning,' Montel told BTR.

'Periodically we see this type of database surface, demonstrating that hackers have access to our online identities. Using scripts [a small program written in a programming language — such as Python, JavaScript, or Bash - that tells a computer step-by-step to do something] threat actors can trawl this treasure trove of information looking for patterns in passwords, but also credential reuse across multiple accounts. The latter is akin to a master key as it suggests the same combination will open multiple doors.'

As far as organisations are concerned, he said it's about understanding that this is a potential risk if these records correlate with over-privileged identities. Identities are the new perimeter given that compromised identities are at the center of nearly every successful cyberattack.

"Organisations must adopt an identity-first approach, that continuously validates permissions and access to prevent identity-based attacks before they occur," Montel said.
Yahoo
19-06-2025
16 billion passwords from Apple, Facebook, Google and more leaked. Why has no one heard of it?
Sixteen billion passwords to Apple, Facebook, Google, and other social media accounts, as well as government services, were leaked in what researchers are calling the largest data breach ever, according to reports. The leak exposed 16 billion login credentials and passwords, prompting both Google to tell billions of users to change their passwords and the FBI to warn Americans against opening suspicious links in SMS messages, according to a report published Thursday in Forbes. Researchers at Cybernews, who have been investigating the leak, found '30 exposed datasets containing from tens of millions to over 3.5 billion records each.' All but one of these datasets have not been previously reported as being exposed, so the data impacted is all considered new. 'This is not just a leak – it's a blueprint for mass exploitation,' the researchers said. And they are right. These credentials are ground zero for phishing attacks and account takeover. 'These aren't just old breaches being recycled,' they warned, 'this is fresh, weaponizable intelligence at scale.' Most of that intelligence was in the format of a URL, followed by logins and passwords. That information then allowed access to 'pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services.' While worrisome, the researchers found that the datasets were exposed very briefly – with enough time for them to be discovered, but not long enough for researchers to figure out who was controlling the data. Researchers have determined the leak is the work of multiple infostealers, but it's impossible to tell how many people or accounts were exposed, according to Cybernews. The experts urge people to invest in password management solutions, not share their passwords and to stay alert in the event their passwords are compromised. 


Forbes
18-06-2025
16 Billion Apple, Facebook And Google Passwords Leaked — Change Yours Now
The biggest password leak in history confirmed. If you thought that my May 23 report, confirming the leak of login data totaling an astonishing 184 million compromised credentials, was frightening, I hope you are sitting down now. Researchers have just confirmed what is almost certainly the largest data breach ever, with an almost incredulous 16 billion login credentials, including passwords, exposed. As part of an ongoing investigation that started at the beginning of the year, the researchers have postulated that the massive password leak is the work of multiple infostealers. Here's what you need to know and do. Password compromise is no joke; it leads to account compromise and that leads to, well, the compromise of most everything you hold dear in this technological-centric world we live in. It's why Google is telling billions of users to replace their passwords with much more secure passkeys. It's why the FBI is warning people not to click on links in SMS messages. It's why stolen passwords are up for sale, in their millions, on the dark web to anyone with the very little amount of cash required to purchase them. And it's why this latest revelation is, frankly, so darn concerning for everyone. According to Vilius Petkauskas at Cybernews, whose researchers have been investigating the leakage since the start of the year, '30 exposed datasets containing from tens of millions to over 3.5 billion records each,' have been discovered. In total, Petkauskas has confirmed, the number of compromised records has now hit 16 billion. Let that sink in for a bit. These collections of login credentials, these databases stuffed full of compromised passwords, comprise what is thought to be the largest such leak in history. The 16 billion strong leak, housed in a number of supermassive datasets, includes billions of login credentials from social media, VPNs, developer portals and user accounts for all the major vendors.
Remarkably, I am told that none of these datasets have been reported as leaked previously; this is all new data. Well, almost none: the 184 million password database I mentioned at the start of the article is the only exception. 'This is not just a leak – it's a blueprint for mass exploitation,' the researchers said. And they are right. These credentials are ground zero for phishing attacks and account takeover. 'These aren't just old breaches being recycled,' they warned, 'this is fresh, weaponizable intelligence at scale.' Most of that intelligence was structured in the format of a URL, followed by login details and a password. The information contained, the researchers stated, opens the door to 'pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services.' Ultimately, this reinforces that cybersecurity is not just a technical challenge but a shared responsibility. 'Organisations need to do their part in protecting users,' Javvad Malik, lead security awareness advocate at KnowBe4, said, 'and people need to remain vigilant and mindful of any attempts to steal login credentials. Choose strong and unique passwords, and implement multi factor authentication wherever possible.' To which I would add: change your account passwords, use a password manager and switch to passkeys wherever possible. Now is the time to take this seriously; don't wait until your passwords show up in these ongoing leak datasets – get on top of your password security right now.