16 billion stolen passwords: the largest data breach ever. How to protect yourself

The title of the article, unfortunately, is absolutely correct: some 16 billion access credentials are circulating on the web, in what appears in every respect to be the largest exposure of sensitive data ever recorded (surpassing last year's RockYou2024 leak). The scale of the exposure is unprecedented, both in volume and in impact. According to the Cybernews team that conducted the investigation, at least 30 distinct archives were found, each with millions, and in some cases billions, of records. None of these (apart from one) had ever been documented before, which suggests that the material is "fresh" and has never passed through the official analysis channels.

These datasets are not the result of a single breach; rather, they appear to represent a new, systematic strategy for collecting and distributing stolen credentials. The researchers stress that the frequency with which new datasets emerge shows how widespread and persistent infostealers have become: a category of malware designed to exfiltrate personal information from compromised devices. Online services such as Apple, Facebook, Google, GitHub, Telegram and, apparently, even government portals are no exception: the information contained in the logs reveals direct access credentials for a multitude of platforms. Faced with this reality, it is essential to adopt more security-aware digital habits, such as using passkeys (where possible), checking devices for malware and enabling stronger protections such as two-factor authentication.

The severity of 16 billion passwords in circulation

This is not a simple isolated database: the 16 billion records recently discovered contain information from different sources, but with one common element: the stolen passwords are all ready to be exploited. The researchers explain that the data analysed derives largely from credential stuffing lists, from old leaks repackaged and, above all, from infostealers. The latter term indicates malicious software designed to steal credentials and other sensitive data from infected computers, collecting them in standardised structures that include URL, username and password.

It is precisely this consistent structure that makes the material so dangerous. Unlike chaotic or partial leaks, these are complete lists, with potentially valid access to millions of online accounts. In some cases, the files even contained session cookies and authentication tokens: elements that can bypass not only traditional security mechanisms, such as the classic password login, but also multi-factor authentication. On this point Aras Nazarovas, one of the researchers who discovered the archives, explained:

These cookies can often be used to get around 2FA methods (two-factor authentication, editor's note) and not all services reset these cookies after changing the account password. The best thing in this case is to change passwords, activate 2FA if it is not yet enabled, carefully monitor your accounts and contact customer support if suspicious activity is detected.
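The two paragraphs above describe why infostealer logs are so actionable for an attacker: each record carries a URL, a username and a password, and some also carry a session cookie that survives a password change. The same structure is what lets a defender triage such a dump quickly. The following Python is an added example, not code from the article or from Cybernews: it parses constructed records in an assumed "url|username|password[|cookie]" layout (a hypothetical format chosen for illustration, not the layout of any real archive), groups the hits for one organisation's e-mail domain by service, and flags which accounts need a password reset only and which also need their sessions revoked because a cookie was present.

```python
"""Triage of infostealer-style credential records (added example, constructed data).

Assumed record layout (hypothetical, for this example only):
    url|username|password[|cookie]
"""
from collections import Counter, defaultdict
from urllib.parse import urlparse

# Constructed sample dump: none of these are real accounts or passwords.
SAMPLE_DUMP = """\
https://accounts.example.com/login|alice@corp.example|Winter2024!
https://mail.example.net/auth|bob@corp.example|hunter2|sid=abc123
https://social.example.org/signin|carol@gmail.example|pass1234
https://accounts.example.com/login|alice@corp.example|Winter2024!
https://git.example.dev/session|dave@corp.example|Qwerty!9|session=tok999
garbage line without separators
"""


def parse_records(text):
    """Parse dump lines into dicts; skip lines without at least url|user|password."""
    records = []
    for line in text.splitlines():
        parts = line.strip().split("|")
        if len(parts) < 3 or not parts[0].startswith(("http://", "https://")):
            continue  # malformed or non-URL line: ignore rather than guess
        records.append({
            "domain": urlparse(parts[0]).hostname or "",
            "user": parts[1].strip().lower(),
            "password": parts[2],
            "cookie": parts[3] if len(parts) > 3 else None,
        })
    return records


def records_per_service(records):
    """Count how many records point at each service, duplicates included."""
    return Counter(r["domain"] for r in records)


def triage(records, org_domain):
    """Map service -> account -> actions for accounts under org_domain.

    Every hit needs a password reset. A record that carried a cookie also
    needs the service-side sessions revoked, since a reset alone may not
    invalidate a stolen session cookie.
    """
    org_suffix = "@" + org_domain.lower()
    hits = defaultdict(dict)
    for r in records:
        if not r["user"].endswith(org_suffix):
            continue
        entry = hits[r["domain"]].setdefault(
            r["user"], {"reset_password": True, "revoke_sessions": False, "occurrences": 0}
        )
        entry["occurrences"] += 1
        if r["cookie"]:
            entry["revoke_sessions"] = True
    return {domain: dict(users) for domain, users in hits.items()}


def summarize(hits):
    """Headline numbers for an incident ticket: services, accounts, session revocations."""
    accounts = {u for users in hits.values() for u in users}
    revoke = {u for users in hits.values() for u, f in users.items() if f["revoke_sessions"]}
    return {
        "services": len(hits),
        "accounts_to_reset": len(accounts),
        "accounts_to_revoke_sessions": len(revoke),
    }


if __name__ == "__main__":
    recs = parse_records(SAMPLE_DUMP)
    print(records_per_service(recs))
    org_hits = triage(recs, "corp.example")
    for service, users in org_hits.items():
        for user, flags in users.items():
            print(service, user, flags)
    print(summarize(org_hits))
```

Duplicate records (the same account appearing twice, as the article notes happens across sets) are counted in `occurrences` but produce a single account entry, so the summary reflects accounts to act on rather than raw record volume.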

The origin of the data, at least for now, remains partly unknown. The researchers were unable to determine with certainty who controlled the archives, in part because their public exposure was very brief. Generally, they were systems such as Elasticsearch instances or badly configured cloud storage, accessible without any protection. According to the experts, however, it is certain that at least part of the data was in the hands of cybercriminal groups interested in collecting it and then selling it or exploiting it directly.

And this is not a theoretical threat. The combination of up-to-date data and automated tools enables large-scale attacks, including targeted phishing, identity theft, corporate compromise or BEC (business e-mail compromise) and even ransomware attacks (programs that lock devices and demand a ransom to unlock them). Even a success rate of 1-2% on a pool of 16 billion can mean millions of users genuinely at risk.

The services affected

The leaked data covers virtually every type of service: from social networks to messaging platforms, from cloud storage services to developer tools. Some sets were given generic names such as "login" or "credentials"; others revealed the source or the malware that had generated them. For example, an archive of over 455 million records was probably linked to the Russian Federation, while another of 60 million bore the name "Telegram".

The potential impact is hard to quantify, also because of duplicated data: the same account could appear in multiple sets, but there is no way to measure the overlap precisely. The total volume indicates a phenomenon that has now outgrown individual attacks and turned into a real "underground" economy of data breaches.

Behind this colossal data collection there is probably a change in the behaviour of the web's adversaries. According to the researcher already mentioned, Aras Nazarovas, the fact that the data circulates in centralised archives instead of Telegram groups, once the favourite channels for illegal trade, suggests that a new, more efficient and industrialised method of managing stolen information is being consolidated.

How to protect yourself now

Now that we have summarised what happened, let's get to the point: what should you do to protect your accounts from breaches like this? The recommendations are always the same: use the password generators included in password managers to create unique, complex credentials and update them periodically; activate two-factor authentication wherever possible and prefer authentication methods safer than plain SMS, such as authenticator apps or passkeys. In addition, monitor your devices with reliable security software to make sure you are not unknowingly hosting an infostealer. And always remember: when you are online, keep your eyes wide open!
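Two of the recommendations above, generating unique passwords and monitoring whether your credentials are already exposed, can be combined without ever sending a password to a third party. The following Python is an added example, not code from the article or from any breach-notification service: it builds a hashed index over a constructed leaked-password list (standing in for a breach corpus), then lets a client ask "is this password in the corpus?" by sending only the first five hex characters of the password's SHA-1 hash and matching the rest locally. The prefix-query scheme is the usual k-anonymity range approach and is an assumption of this example; the article itself does not describe it. It also shows a generator for unique random passwords and checks that its output does not appear in the corpus.

```python
"""Check a password against a leaked-credential corpus without revealing it
(added example, constructed data, k-anonymity prefix query assumed)."""
import hashlib
import secrets
import string

# Constructed stand-in for a breach corpus. Not real leaked data.
LEAKED_PASSWORDS = ["123456", "password", "Winter2024!", "qwerty", "letmein", "password"]


def sha1_hex(password):
    """Upper-case hex SHA-1 of the password, the hash used by range-style lookups."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(passwords):
    """Server side: {5-char hash prefix: {35-char hash suffix: occurrence count}}."""
    index = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        bucket = index.setdefault(digest[:5], {})
        bucket[digest[5:]] = bucket.get(digest[5:], 0) + 1
    return index


SERVER_RECEIVED = []  # everything the server learns from clients, for inspection


def range_query(index, prefix):
    """Server side: return every suffix under the prefix.

    The server only ever sees the 5-character prefix, so it cannot tell which
    of the candidates (if any) is the client's real password.
    """
    SERVER_RECEIVED.append(prefix)
    return dict(index.get(prefix.upper(), {}))


def exposure_count(password, index):
    """Client side: send the prefix, match the suffix locally. 0 means not found."""
    digest = sha1_hex(password)
    candidates = range_query(index, digest[:5])
    return candidates.get(digest[5:], 0)


def generate_password(length=20):
    """Random password from a CSPRNG, the kind a password manager's generator produces."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    idx = build_index(LEAKED_PASSWORDS)
    for candidate in ["password", "Winter2024!", "correct horse battery staple"]:
        print(repr(candidate), "seen", exposure_count(candidate, idx), "times")
    fresh = generate_password(24)
    print("generated password exposed:", exposure_count(fresh, idx) > 0)
    print("server only ever received prefixes:", all(len(p) == 5 for p in SERVER_RECEIVED))
```

A non-zero count means the password (not necessarily your account) is in the corpus and should be replaced everywhere it was reused; a zero count is not proof of safety, only that this particular corpus does not contain it.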