Jakarta, Indonesia Sentinel — Roughly 16 billion login credentials, primarily passwords, have been leaked online, potentially linked to user accounts across major internet platforms including Facebook, Google, and Apple.
The breach was first reported by Cybernews, a technology blog known for monitoring data leaks online.
In the report, cybersecurity researcher Vilius Petkauskas revealed that the 16 billion leaked passwords were compiled from 30 different databases circulating on the internet. With each datasets contained tens to hundreds of millions of data.
With the massive amount of leaked credentials data, it could unlock access to nearly every major online service, including Apple, Facebook, and Google to platforms like GitHub, Telegram, and even government portals.
With the breached data that amounts to roughly two compromised accounts for every individual on the planet, few platform are likely untouched.
Some credentials may be overlapped and difficult to effectively compared between the dataset, making it difficult to confirm the exact people or accounts were actually exposed
However, what makes the breach particularly alarming is the structure and recency of these datasets. He said that these are not outdated credentials from past incidents, but rather new data that could be weaponized.
“This is not just a leak, it’s a blueprint for mass exploitation,” said Petkauskas. “With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal cr edentials that can be used for account takeover, identity theft, and highly targeted phishing.
The databases, he said, appear to have been assembled from multiple sources, including stealer malware, credential stuffing sets, and repackaged leaks.
Read Also:
Indonesia Suspends World ID Platform, Demand Deletion of Indonesian Iris Data
What’s more alarming, researchers warn that new, massive datasets continue to surface every few weeks. This highlighting the widespread use of malicious software known as “infostealers,” which are designed to harvest sensitive user information.
This data provides hackers with everything they need to launch large-scale credential stuffing attacks. Once an account is compromised, it can be sold on the dark web or used to carry out phishing scams, distribute malware or ransomware, or launch cyberattacks against companies or individuals in the victim’s network.
The origins of the leaked data remain unclear. While some of the databases may have been compiled by cybersecurity researchers for monitoring purposes, experts say it is almost certain that a portion of the troves originated from cybercriminals.
(Raidi/Agung)
