Blitz Bureau
Indian Computer Emergency Response Team (Cert-In) has issued a fresh advisory asking people to follow good cyber security hygiene following reports of a massive data breach involving 16 billion online credentials.
The breach, first reported by the website Cybernews, includes usernames, passwords, authentication tokens, and metadata leaked from platforms such as Apple, Google, Facebook, Telegram, GitHub, and several VPN services.
“This appears to be a consolidated dataset, and some of the credentials may be outdated or already changed. However, we’re issuing the advisory to urge people to follow good cyber security hygiene,” a senior official at Cert-In, the country’s nodal agency for cyber security incident response, said.
The agency has urged individuals to update their passwords immediately, enable multi-factor authentication (MFA), and switch to passkeys wherever possible. The advisory also recommends running antivirus scans and keeping systems up to date to protect against malware.
Advisory issued for hygiene after massive 16 billion data leak
The cyber security agency advised organisations to enforce MFA, limit user access, and use intrusion detection systems (IDS) and Security Information and Event Management (SIEM) tools to detect suspicious activity. It also recommended that companies check that their databases aren’t publicly exposed and ensure that sensitive data is encrypted.
The massive dataset, which is believed to be available on the dark web, has been reportedly compiled from 30 different sources, mostly through infostealer malware. The dataset could enable attackers to carry out phishing, account takeovers, ransomware attacks, and business email compromises, said the Cert-In advisory.
“This is a systemic red flag,” said Gaurav Sahay, cyber security expert and founding partner at Arthashastra Legal.
“The breach is decentralised, harder to detect, and much more difficult to fix. We’re likely to see a wave of account takeovers, especially on cloud / email services, banking or fintech apps, developer platforms, and government portals.”
Sahay added that password reuse remains rampant, and the lack of MFA on many accounts makes even older credentials dangerous. “This is a watershed moment in cyber security, a reminder that the human element remains the weakest link in digital security.”
Earlier, a team of cyber security researchers at Cybernews, led by Vilius Petkauskas, had exposed the largest data breach, leaking 16 billion login credentials, passwords, and sensitive data from major online platforms, according to Forbes.
Cybernews is one of the top cyber security news platform, delivering real-time updates, threat intelligence, data breach reports, expert analysis etc.
The investigation team found 30 separate data dumps, each containing anywhere from tens of millions to over 3.5 billion records. In total, the team confirmed, the number of compromised records hit 16 billion.
Petkauskas told Forbes that most of the stolen info was formatted as simple URL links followed by usernames and passwords. In short, if one had ever logged into anything online, her / his information could be in this leak.
“This is not just a leak – it’s a blueprint for mass exploitation. These credentials are ground zero for phishing attacks and account takeover; these aren’t just old breaches being recycled,” the researchers warned.
Speaking to Forbes, Darren Guccione, the CEO and co-founder of Keeper Security, a privileged access management platform to prevent data breaches and mitigate cyber threats, said that consumers should invest in password management solutions and dark web monitoring tools more than ever.
“This means that cyber security is not just a technical challenge but a shared responsibility. People need to remain vigilant of any attempts to steal login credentials,” he added.