Pakistan’s National Cyber Emergency Response Team (NCERT) issued an urgent advisory, calling on citizens to change their social media and online account passwords following a massive global data breach that exposed 184 million unique credentials. The leak, one of the largest in recent years, poses significant risks of fraud, identity theft, and cyberattacks.
Dawn and The News International reported the breach, which exposed usernames, passwords, email addresses, and URLs linked to major platforms like Google, Microsoft, Apple, Facebook, Instagram, and Snapchat, as well as government portals, banking, and healthcare systems worldwide. Compiled through info-stealing malware, the data was stored in plain text without encryption, making it highly vulnerable. NCERT warned that the unprotected database could enable cybercriminals to exploit accounts across multiple services.
Potential Risks
NCERT highlighted several threats from the leak:
- Credential Stuffing: Automated login attempts using stolen credentials.
- Account Takeovers: Unauthorised access to personal and financial accounts.
- Identity Theft: Scams and impersonation using stolen digital identities.
- Ransomware and Espionage: Targeted attacks on individuals and organisations.
- Government System Breaches: Risks to sensitive public sector platforms.
- Phishing Attacks: Tailored scams leveraging leaked personal data.
NCERT recommends immediate password changes for all online accounts, enabling two-factor authentication (2FA), and monitoring accounts for suspicious activity. “Strong, unique passwords and 2FA are critical to mitigate risks,” the advisory stated. Users should also avoid reusing passwords across platforms and be cautious of phishing emails.
Cybersecurity expert Dr. Faisal Riaz from LUMS notes, “This breach underscores the growing threat of infostealer malware. Public awareness and robust cybersecurity measures are essential.” Check NCERT’s advisory for detailed guidance and update your passwords immediately.
