A massive cybersecurity breach has exposed around 16 billion login credentials globally, one of the largest data leaks ever recorded. India’s cybersecurity agency, CERT-In, issued an urgent advisory (CTAD-2025-0024, dated June 23, 2025) warning users of platforms like Apple, Google, Facebook, Telegram, GitHub, and various VPN services. This leak, compiled from 30 different sources, includes usernames, passwords, authentication tokens, and session cookies, creating a perfect storm for phishing attacks and account takeovers. For Indian users, the stakes are high, and immediate action is essential to protect personal data. Here’s what you should do to stay secure.
To protect your accounts and personal information, take these critical steps as recommended by CERT-In and cybersecurity experts:
Change Passwords: Update passwords for critical accounts, especially banking, email, social media, and government services. Use strong, unique passwords with a mix of letters, numbers, and symbols, and avoid reusing passwords across platforms. Consider a password manager to generate and store complex passwords securely.
Enable Multi-Factor Authentication (MFA): Activate MFA on all accounts that support it, such as Gmail, Facebook, and banking apps. Use authenticator apps (e.g., Google Authenticator) or SMS-based verification to add an extra layer of security, making it harder for attackers to access your accounts.
Check for Compromised Credentials: Use tools like Google’s Password Checkup (via Chrome or your Google Account) or websites like Have I Been Pwned to identify exposed passwords. Password managers often include breach-monitoring features to flag compromised accounts.
Watch for Phishing Attempts: Be cautious of unsolicited emails, SMS, or messages pretending to be password reset requests or urgent alerts. Avoid clicking links or downloading attachments from unknown sources, and verify the sender’s authenticity before acting.
Monitor Accounts: Regularly check for suspicious activity, such as unrecognized logins or transactions. Enable login alerts on platforms like Gmail or banking apps, and use dark web monitoring tools to detect if your data appears in illicit markets.
Use Passkeys: Where available, switch to passkeys, which rely on biometric authentication (e.g., fingerprint or facial recognition) instead of passwords. Platforms like Google, Apple, and Microsoft are adopting this technology for stronger security.
Secure Devices: Protect against infostealer malware by installing reputable antivirus software, keeping your operating system and apps updated, and avoiding downloads from untrusted sources.
This enormous dataset was uncovered by cybersecurity researchers and stems largely from infostealer malware and poorly secured databases, such as unprotected Elasticsearch instances. The breach affects a wide range of platforms, from social media giants like Facebook and Instagram to tech services like Apple iCloud, Gmail, and Microsoft Office 365, as well as developer hubs like GitHub and even government and banking portals. The exposed data—structured as URLs paired with usernames and passwords—is fresh and highly exploitable, making it a goldmine for cybercriminals looking to launch phishing campaigns or hijack accounts.
For India, a major digital hub with millions of users on these platforms, the risks are significant. The sheer volume of leaked credentials—nearly double the global population—means many users could have multiple accounts compromised, potentially leading to financial fraud, identity theft, or unauthorized access to sensitive information.
Ahmedabad Plane Crash
