Sixteen billion passwords for Apple, Facebook, Google and even government services accounts have been leaked in what experts are calling the single biggest data breach ever.
The password leak is thought to have come about after multiple infostealers exposed 30 datasets, each one containing anywhere from tens of millions of passwords to over 3.5 billion records.
Google was quick to warn billions of its users to change their passwords, quickly followed by warnings from other tech giants.
The FBI also sent out a warning to warn Americans about phishing risks, especially opening unknown links via SMS, according to Forbes.
All but one of the datasets exposed are not thought to have been previously made public, meaning all the sensitive data is new and likely current, as reported by tech news site Cybernews.
What’s more, the breaches may not be over, with researchers looking into the incident saying that new huge datasets emerge every few weeks, a sign that the infostealer malware is not only still active but also still effective.
“This is not just a leak,” said the team of researchers. “It’s a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing.”
How to know if your password was leaked
Unfortunately, there’s no one way to know if your password was leaked. The best course of action is to change all your passwords as soon as possible, as well as make sure you’re using some sort of two-factor authentication.
Most social media accounts will have a way of setting this up within the site or app, but you can also download external 2FA apps.
Two-factor authentication means that, when logging in from a new location or device, the service will not just require your password but also a code, either sent via SMS, email, or via a third-party app.
This adds an extra level of security to your accounts.
The good news is that the data was only publicly available for a short amount of time, so investigators hope that sensitive information didn’t travel too far from the original infostealers.
That said, you should certainly keep a close eye on your accounts and look out for any unusual activity.
When changing your password, most services will also offer an option to sign yourself out of your account on all devices, which should kick anyone who has gained access to your account out.
