Researchers at cybersecurity outlet Cybernews say that billions of login credentials have been leaked and compiled into datasets online, giving criminals “unprecedented access” to accounts consumers use each day.
According to a report published this week, Cybernews researchers have recently discovered 30 exposed datasets that each contain a vast amount of login information — amounting to a total of 16 billion compromised credentials, says AP. That includes user passwords for a range of popular platforms including Google, Facebook and Apple.
16 billion is roughly double the amount of people on Earth today, signalling that impacted consumers may have had credentials for more than one account leaked. Cybernews notes that there are most certainly duplicates in the data and so “it’s impossible to tell how many people or accounts were actually exposed.”
It is also important to note that the leaked login information does not span from a single source, such as one breach targeting a company. Instead, it appears that the data was stolen through multiple events over time, and then compiled and briefly exposed publicly, which is when Cybernews reports that its researchers discovered it.
Various infostealers are most likely the culprit, Cybernews noted. Infostealers are a form of malicious software that breaches a victim’s device or systems to take sensitive information.
Many questions remain about these leaked credentials, including whose hands the login credentials are in now. But, as data breaches become more and more common in today’s world, experts continue to stress the importance of maintaining key “cyber hygiene.”
Worries about potential leaked account data in a recent breach can be allayed by changing one’s password first and foremost, and by avoiding using the same or similar login credentials on multiple sites. One may also add multifactor authentication, which can serve as a second layer of verification through your phone, email or USB authenticator key.