Biggest Password Leak of All Time Exposed

The greatest leak of passwords of all time has just been exposed. As many as 16 billion credentials, from Gmail to Apple users, were available online and it is not the work of any one single hacker.

The leak was revealed by Cybernews, a cybersecurity news and research platform, which first started tracking 'exposed datasets' at the beginning of the year. These are databases containing usernames, passwords and other security information on the internet. Slowly, they realised the scale of the issue. A blog on their website stated, 'The Cybernews research team discovered a plethora of supermassive datasets, housing billions upon billions of login credentials. From social media and corporate platforms to VPNs and developer portals, no stone was left unturned.'

These were entirely new data, not collections that had already leaked earlier and were public. The researchers were quoted as saying, 'With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing. What's especially concerning is the structure and recency of these datasets – these aren't just old breaches being recycled. This is fresh, weaponizable intelligence at scale.'

It couldn't be determined who was controlling all this data. It was only available or 'exposed' for a short while via security loopholes before being taken down. However, that still opens the doorway for cybercriminals to have accessed it. Cybernews wrote, 'It is unclear who owns the leaked data. While it could be security researchers that compile data to check and monitor data leaks, it's virtually guaranteed that some of the leaked datasets were owned by cybercriminals. Cybercriminals love massive datasets as aggregated collections allow them to scale up various types of attacks, such as identity theft, phishing schemes, and unauthorized access. A success rate of less than a percent can open doors to millions of individuals, who can be tricked into revealing more sensitive details, such as financial accounts.'

Given the scale of what was leaked, chances are anyone's password information could be out there. Security experts are suggesting that people change their passwords immediately. And once that is done, enhance security settings like a passkey or switching on two factor authorisations, where just a password alone wont give access but another layer of protection– one-time password, etc–is necessary to get access to one's account.