Massive Data Breach Hits Billions of Logins Across Google, Facebook and GitHub

A previously non -reported data breach has exposed more than 16 billion login data, making it one of the largest compilations of stolen personal data ever discovered.

First reported Through CybernewsThe number of data includes references for common services, including Facebook, Google, Telegram and Github, as well as access to company websites for companies, developers and government.

Researchers of Cybernews Said that the information probably comes from a mix of Infeler Malwarelogbooks, reference vuldatabases and previously re -packaged leaks.

“This is not just a leak – it’s a blueprint for mass exploitation,” Cybernews Researchers said in a statement. “With more than 16 billion login data, cyber criminals now have unprecedented access to personal references that can be used for account takeover, identity theft and highly targeted phishing.”

Google, Facebook -parent -meta and Github did not respond immediately Decrypts Requests for comments.

An info-stealer is malignant software that secretly collects sensitive data-such as passwords, financial information and browser activity and sends it to cyber criminals.

In contrast to Keyloggers, capturing info-stealers not only what a victim type, but also systems for stored passwords, cookies, car data and other exploitable information.

The researchers identified 30 data sets, each ranging from tens of millions to more than 3.5 billion records. The average data set contained around 550 million entries.

According to CybernewsThe datasets were briefly exposed online via uncovered cloud storage. While they were removed quickly, the exposure was sufficient to collect and analyze the data sets.

The individuals or groups responsible for the leak are not identified.

In the event of a separate incident, Coinbase announced in May that an infringement hit more than 69,000 customers in December. That same month, the crypto exchange became the target of cyber criminals who demanded a Bitcoin -Losgeld of $ 20 million for stolen customer data. Instead of paying, Coinbase launched a premium of $ 20 million to detect the attackers.

“They then tried to squeeze Coinbase for $ 20 million to hide this. We said no,” Coinbase said in a statement at that time.

Experts warn that data breaches are serious risks for individuals and organizations, in particular those who miss which strong cyber security practices, such as multi-factor authentication and routine password updates.

“Not all sites force the password reset when discovering infringement,” said a security expert Decodeer. “People always reuse passwords, or variants of them, making them easy goals.”

The expert, who spoke on condition of anonymity, noted that the latest Lek smallest will have an impact on smaller websites and individual users with limited cyber security sources.

A violation to be prevented?

Although the scale of the infringement is alarming, the main cause is not new or particularly advanced and can have a limited impact on those who use two-factor authentication, password managers and passkeys as essential defenses.

“Normal users will be influenced,” the expert said. “Users with 2FA will be fine.”

Multi-factor authentication in the form of mobile apps such as Google Authenticator and Microsoft Authenticator adds a critical layer of security by obliging users to verify their identity via an additional method, such as an SMS message code, app report, Face ID or fingerprint.

Passkeys, a newer alternative to traditional passwords, eliminate the need for login data fully by using cryptographic tests stored on a user’s device. Passkeys are ‘original’, which means that they only work with the specific website or service for which they were made.

Passkeys are considered safer and less vulnerable to phishing attacks and are taken over by giants in the industry such as such as GoogleAmazon, AppleAnd Microsoft.

Edited by Sebastian Sinclair