NewsNation

16 billion passwords reported leaked. Should you be worried?


(NewsNation) — A data breach reportedly resulted in the leak of 16 billion records containing passwords from major sites such as Apple, Google and Facebook.

But how worried should you be, and what can you do to protect yourself?


Was this a new data breach?

The leak has been reported as a new data breach, but that’s not entirely accurate. This wasn’t a new case of websites being compromised.

Instead, it appears to be a case in which previously stolen information was packaged into a database and sold.

According to Cybernews, only one of the exposed datasets had previously been reported. Researchers also claim that datasets like these emerge every few weeks, a sign of how often sensitive information is compromised.

The count of 16 billion records covers datasets researchers have uncovered since the start of the year. That works out to about two passwords for every person on the planet.

Many of the datasets were only exposed briefly, long enough for researchers to find them, but not long enough to discover who was behind the data.

What’s in the records?

There isn’t an easy way to compare data across the different datasets, but many of the records are likely duplicates, making it hard to determine how many people or accounts were exposed.

Most of the records appeared to include a URL, login details and a password, covering services from Apple, Facebook, Google, Telegram and GitHub, along with government services.

The information could be used for phishing campaigns, taking over accounts, ransomware attacks and attacks that compromise business emails.

How big is the risk?

It’s unclear who owns the data, but it’s likely to include datasets owned by cybercriminals who use large datasets to scale up attacks.

With so many records, even a tiny success rate can lead to millions of individuals falling prey to scams that get them to reveal more sensitive information, like financial account information.

What can you do to protect yourself?

Because these are compiled datasets, it’s difficult to determine if your data was included or what sites may have been compromised.

However, you can still take general security precautions to protect yourself, including using a password manager to generate strong passwords and updating passwords on a regular basis.

You should also use multifactor authentication as much as possible and monitor your accounts for suspicious activity.

If you receive texts or calls purporting to be from a bank or company, do not disclose sensitive information. Instead, hang up and call back through the organization’s customer service department.