16 billion passwords have been leaked worldwide. CERT-In has warned Apple, Google, and Facebook users. Change passwords, enable MFA, and avoid cyber fraud.
Password: Your password is your identity on the internet, and the primary protector of your banking, social media, and personal data. However, a very shocking incident has come to light. CERT-In, the Indian government's cyber security agency, has issued a major alert stating that over 16 billion passwords have been leaked worldwide. This is one of the largest data leaks to date, and it could directly affect not just millions, but possibly crores of users in India.
CERT-In's Major Alert: Your Digital Accounts at Risk
According to the latest report by CERT-In (Indian Computer Emergency Response Team), the leaked data includes not only passwords but also usernames, session cookies, authentication tokens, and other sensitive information.
Users who use Apple, Google, Facebook, Telegram, GitHub, or any VPN service are most at risk. This leak is not limited to personal data alone – it can also put your banking, business accounts, and even office data at risk.
How did the leak happen? Who is responsible?
The report states that this data leak was extracted from more than 30 data dumps. Their main sources are:
- Info-stealer malware: which steals user data by infiltrating their systems or browsers.
- Poorly configured databases: such as open or public Elasticsearch servers, which are found open on the internet without security.
Why is this leak extremely dangerous?
CERT-In has called this leak a very serious cyber threat. Its main risks are:
1. Credential Stuffing
Hackers can try the leaked passwords on different websites. If you have the same password for every site, the risk increases manifold.
2. Phishing and Social Engineering
Using the leaked information, hackers can deceive you through fake emails and calls.
3. Account Takeover
Your bank, email, social media, or company account can be hacked, and full control of it can fall into the hands of cybercriminals.
4. Ransomware and Business Fraud
By targeting companies, data can be locked, or fraud can be used to steal millions.
What to do to protect yourself?
1. Change Passwords Immediately
Update the passwords for all important accounts – especially email, banking, social media, etc., immediately. Do not reuse old passwords.
2. Enable Multi-Factor Authentication (MFA)
If an additional OTP is requested on your mobile or email during login, this can stop hackers.
3. Use a Password Manager
This tool helps create b and unique passwords for every website and keeps them secure.
4. Be Careful of Phishing
If you receive an email or message that asks you to change your password, verify your bank account, or click on a link – be cautious. Check directly on the related website.
5. Use VPN and Antivirus
Always use a VPN while browsing on unknown Wi-Fi networks and keep a trusted antivirus on your device.
Which services are at risk?
Users of the platforms that are used daily are the most affected in the leaked data:
- Apple iCloud and ID Accounts
- Google Accounts (Gmail, YouTube, Docs)
- Facebook and Instagram Profiles
- Messaging platforms like Telegram and WhatsApp
- GitHub and coding-related accounts
- VPN services like NordVPN, ExpressVPN, etc.
Digital security is now your responsibility too
Even if this leak happened because of an organization or company, the responsibility for your digital security also rests with every user.
- If you have ever used the same password in many places,
- or if you haven't changed your password for a long time,
- or if you click on 'Remember Me' while logging in to a website,
then all these can now open the door to cyber threats for you.
