Broad Credential Exposure Involving Multiple Online Services

Published On: June 29, 2025

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Indian Computer Emergency Response Team (https://www.cert-in.org.in)

 

Overview

Recently, several media outlets reported a significant exposure of approximately 16 billion login credentials, including usernames, passwords, authentication tokens, and associated metadata from platforms such as Apple, Google, Facebook, Telegram, GitHub, and various virtual private network (VPN) services. Compiled from multiple unsecured datasets and infostealer malware campaigns, this leak presents a severe risk of unauthorized account access, identity theft, phishing, and a range of other cyberattacks.

 

Impact

This credential leak may enable adversaries/threat actors to conduct:

- Credential Stuffing: Attempting stolen credentials across multiple services to gain unauthorized access.
- Phishing and Social Engineering: Leveraging metadata for targeted phishing campaigns.
- Account Takeovers: Unauthorized access to personal, financial, or organizational accounts.
- Ransomware and Business Email Compromise: Exploiting compromised credentials for financial gain or data theft.

Description

The dataset aggregates credentials from 30 separate sources, primarily obtained through infostealer malware and exposed through misconfigured, publicly accessible databases, such as unsecured Elasticsearch instances.

The exposed dataset comprises:

- Username and password pairs for services including Apple, Google, Facebook, Telegram, GitHub, and VPN services.
- Authentication tokens and session cookies, enabling potential bypass of password-based authentication.
- Metadata associating credentials with specific platforms or user profiles.

Primary data collection vectors include:

- Infostealer Malware: Malware targeting browser-stored credentials, authentication tokens, and cookies.
- Unsecured Databases: Misconfigured Elasticsearch instances and other publicly accessible databases exposing aggregated credential sets.

The availability of this data on the dark web increases the likelihood of exploitation by cybercriminals.

 

Recommendations to mitigate risks

It is recommended to take the following actions to mitigate the risks associated with this exposure.

 

For Individuals

 

Update Passwords Immediately:

Change passwords for all affected services, prioritizing email, banking, social media, and government portals. Create strong, unique passwords (minimum 12 characters, including letters, numbers, and symbols). Avoid reusing passwords across services to prevent credential stuffing attacks. Make it a habit to change your passwords regularly.

Enable Multi-Factor Authentication (MFA):

Activate MFA on all accounts that support it, using authenticator apps, hardware tokens, or SMS-based verification.

Transition to Passkeys:

Where supported (e.g., Apple, Google), enable passkeys for password-less, phishing-resistant authentication using biometrics or device PINs.

Protect Against Malware:

Run antivirus scans to detect and remove infostealer malware. Ensure operating systems, browsers, and applications are updated to address known vulnerabilities.

For Organizations and System Administrators

 

Implement Zero-Trust Security:

Enforce MFA and least-privilege access controls for all users and systems.

Monitor and Respond to Threats:

Deploy intrusion detection systems (IDS) and Security Information and Event Management (SIEM) tools to detect unauthorized access attempts. Monitor for suspicious account activity, such as unexpected logins or configuration changes.
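A minimal detection rule for the "unexpected logins" indicator above, added here as an illustration and not part of the CERT-In advisory: it flags a single source address that fails against many distinct usernames within a short window (the credential-stuffing pattern from the Impact section) and records any successful login from that source as a probable account takeover. The log format, addresses and usernames are constructed for the example; thresholds are assumptions to be tuned per environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (syslog-like); addresses and users are
# made up for this example and do not come from the advisory.
SAMPLE_LOG = """\
2025-06-29T10:00:01 auth FAIL user=alice src=203.0.113.7
2025-06-29T10:00:02 auth FAIL user=bob src=203.0.113.7
2025-06-29T10:00:02 auth FAIL user=carol src=203.0.113.7
2025-06-29T10:00:03 auth FAIL user=dave src=203.0.113.7
2025-06-29T10:00:04 auth FAIL user=erin src=203.0.113.7
2025-06-29T10:00:05 auth OK   user=frank src=203.0.113.7
2025-06-29T10:00:09 auth FAIL user=alice src=198.51.100.2
2025-06-29T10:00:40 auth OK   user=alice src=198.51.100.2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK)\s+user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def parse_events(text):
    """Parse the constructed log format into event dicts; unknown lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]),
                           "ok": m["result"] == "OK",
                           "user": m["user"], "src": m["src"]})
    return events

def detect_credential_stuffing(events, window=timedelta(minutes=5), min_users=5):
    """Flag a source that fails against >= min_users distinct accounts inside the
    sliding window (one leaked list replayed across accounts), and record any
    successful login from such a source as a probable account takeover."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    alerts = {}
    for src, evs in by_src.items():
        recent = deque()  # (timestamp, user) of failures still inside the window
        for e in evs:
            while recent and e["ts"] - recent[0][0] > window:
                recent.popleft()
            if not e["ok"]:
                recent.append((e["ts"], e["user"]))
            distinct = {u for _, u in recent}
            if len(distinct) >= min_users:
                a = alerts.setdefault(src, {"distinct_users": 0, "takeover": []})
                a["distinct_users"] = max(a["distinct_users"], len(distinct))
                if e["ok"]:
                    a["takeover"].append(e["user"])
    return alerts
```

On the sample log, 203.0.113.7 is flagged (five distinct accounts failed, then a success for frank), while the single failed-then-successful login for alice from 198.51.100.2 is treated as a normal typo and not alerted.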

Secure Data Storage:

Audit databases to ensure they are not publicly accessible. Implement encryption for stored credentials and sensitive data.

Employee Training:

Conduct cybersecurity awareness training focused on phishing prevention and secure password practices.

 

 

References

 

Cybernews

https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/

 

Forbes

https://www.forbes.com/sites/daveywinder/2025/06/20/16-billion-apple-facebook-google-passwords-leaked---change-yours-now/

 

CERT-In

Securing social media accounts

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES02&VLCODE=CIAD-2024-0006

 

Preventing Online scams

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES02&VLCODE=CIAD-2024-0050

– – —

Thanks and Regards,

CERT-In

 

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: 1800-11-4949

FAX: 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

 

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

 

-----BEGIN PGP SIGNATURE-----


-----END PGP SIGNATURE-----
