16 billion login credentials from Google and other sites leaked online, report says

Sixteen billion login credentials have been leaked and compiled into datasets online, giving criminals “unprecedented access” to accounts consumers use each day, according to researchers at cybersecurity outlet Cybernews.

According to a report published this week, Cybernews researchers have recently discovered 30 exposed datasets that each contain a vast amount of login information — amounting to a total of 16 billion compromised credentials. That includes user passwords for a range of popular platforms including Google, Facebook and Apple.

Because 16 billion is roughly double the amount of people on Earth today, the number signals that impacted consumers may have had credentials for more than one account leaked. Cybernews notes that there are most certainly duplicates in the data and so “it’s impossible to tell how many people or accounts were actually exposed.”

It’s also important to note that the leaked login information doesn’t stem from a single source, such as one breach targeting a company. Instead, it appears that the data was stolen through multiple events over time, and then compiled and briefly exposed publicly, which is when Cybernews reports that its researchers discovered it.

Various so-called “infostealers” are most likely the culprit, Cybernews noted. Infostealers are a form of malicious software that breaches a victim’s device or systems to take sensitive information.

The report comes amid a recent wave of cybersecurity attacks, which have grown more advanced in recent years. Two insurers, Erie Insurance and Philadelphia Insurance Companies, announced that their networks were hacked earlier this month. 

On Friday, Aflac said hackers gained access to its customers’ personal information in a cybersecurity attack last week.

Experts worry the situation may only get worse, CBS News’ 60 Minutes recently reported.

Experts call for “cyber hygiene”

Many questions remain about these leaked credentials, including whose hands the login credentials are in now. But, as data breaches become more and more common in today’s world, experts continue to stress the importance of maintaining key “cyber hygiene.”

If you’re worried about your account data potentially being exposed in a recent breach, the first thing you can do is change your password — and avoid using the same or similar login credentials on multiple sites. 

If you find it too hard to memorize all your different passwords, consider a password manager or passkey. And also add multifactor authentication, which can serve as a second layer of verification through your phone, email or USB authenticator key.

Source: CBS News
--Agencies