The figure is dizzying: 16 billion stolen credentials were gathered and then published in structured form on a cybercrime forum. According to experts, this is not a compilation of old, already known databases. The alert raised by Cybernews is based on fresh data, mostly obtained via infostealer malware, which can siphon off credentials stored in browsers or unprotected password managers.
The data in question was organized into around thirty separate sets, one of which alone is said to contain nearly 3.5 billion lines. They cover thousands of targeted platforms, ranging from web giants such as Google, Apple, Facebook or GitHub to sensitive services such as banks, encrypted messaging, VPNs and even government services. Many digital identities are exposed to a risk of large-scale hacking, with all the consequences that can entail.
An operational database
Unlike certain past leaks, where the data was often incomplete or obsolete, the corpus discovered this time is described as usable, structured and “ready to use”. In other words, it is a real toolkit for cybercriminals. Concretely, these credentials can be used for:
- launching credential stuffing attacks (automated testing of millions of logins on various sites),
- hacking personal or professional accounts,
- bypassing poorly configured security systems,
- deploying targeted ransomware after an initial intrusion,
- or impersonating victims as part of online scams.
Certain payment services such as Alipay or WeChat are among the targets identified, which hints at the possible level of sophistication of upcoming attacks, especially in professional environments, banking services or messaging applications.
The data was not all obtained in the same way: the researchers mention several collection vectors, including infections by infostealer malware, material drawn from previous leaks, data collection via questionable browser extensions, and phishing. Added to this is the growing trend of exploiting human weaknesses, in particular the reuse of passwords across different services.
In many cases, the victims are not aware that their machine is compromised, since infostealers operate discreetly in the background. Once the information has been collected, it is aggregated on clandestine servers before being sold or, as here, published on a very large scale.
How to protect yourself?
Faced with the magnitude of the threat, specialists are calling for an immediate strengthening of good digital security practices. The first priority: change your passwords, in particular those for critical services (email, bank accounts, social networks).
Using a secure password manager is highly recommended to generate unique and robust passwords. Most experts also insist on the importance of enabling two-factor authentication (2FA) wherever possible, or even switching to passkeys when platforms allow it. These more recent security mechanisms considerably limit the risk in the event of a credential leak, as they make login dependent on a device or a biometric validation.
It is also useful to check whether your email address appears in a breach database by consulting services like Have I Been Pwned or Firefox Monitor. Even if the recently published database has not yet been integrated into these tools, this lets you gauge your past exposure.