16 Billion Passwords Stolen: What to Do Now
According to the website, the datasets contain usernames, passwords, cookies, and session tokens and affect many major online services, including Apple, Google, Facebook, Telegram, and many more. Other experts were skeptical. The Ministry of the Interior was also not aware of a leak of this magnitude.
According to the website, the information mainly comes from so-called infostealer malware, which is malware that specifically targets login data from devices. The databases were mostly accessible only briefly via unsecured servers. It remains unclear who is behind the collection.
Specialist Portal Doubts the Currency of the Data Leak
The renowned site "bleepingcomputer" viewed the incident as less dramatic. "No, the leak of 16 billion access credentials is not a new data breach," it said. In fact, it is a compilation of previously leaked access credentials, stolen through infostealer malware, previous data leaks, and so-called credential stuffing attacks. The affected websites were therefore "not recently compromised to steal these credentials." The data has been circulating "for years" on the internet.
"You Can View This a Little More Cold-Bloodedly"
Thomas Boele from the security specialist Check Point Software Technologies was also very skeptical: "We assume that these are older data from the data dump." Although a general all-clear cannot be given in this case. "But you can view it a little more cold-bloodedly." On the one hand, the data is apparently relatively old. "And if users have followed the usual best practices, they can be relatively relaxed."
The responsible specialists at the Austrian Ministry of the Interior were also not aware of a leak of this magnitude. However, they generally called for passwords to be changed as a preventive measure. Security can be significantly increased through two-factor authentication. Passwordless login via the passkeys method is also recommended.
(APA/Red)
This article has been automatically translated, read the original article here.