Google, Apple, Facebook, and others have experienced the largest password leak in history, exceeding 16 billion passwords. Warnings are being issued that passwords should be changed immediately.
According to U.S. Forbes on the 19th (local time), the cybersecurity media outlet CyberNews revealed that an investigation conducted since January has confirmed 30 large data breach datasets. Each of these contains tens of millions to over 3.5 billion records. Combined, they contain a total of 16 billion passwords and login information. Notably, it is reported that none of these datasets have been previously transferred. In other words, they are all new data. CyberNews noted, "This is not just a simple information exposure but aimed for large-scale exploitation."
The leaked data is presumed to have been collected by infostealers (information-stealing malware). Attackers collected credentials from various platforms, including VPNs (virtual private networks), SNS (social media), developer portals, email, and financial services, and many of these credentials are reportedly already being sold on the dark web.
Darren Guccione, CEO of the security solutions company Keeper Security, said in an interview with Forbes, "This incident serves as a warning that sensitive information can be exposed in unexpected ways," and added, "Cloud environments with configuration errors can be easily exposed to hackers." He recommended the adoption of password management solutions and dark web monitoring tools for both corporations and individuals.
Experts are urging corporations to strengthen user protection, and are recommending that users change their passwords and use password safety management services and passwordless authentication methods such as passkeys.