After 16 billion passwords leaked, experts warn: “They have access to your entire online life”

117 0

The largest data breach in history was revealed on June 19 by the specialized website Cybernews: almost 16 billion combinations of usernames and passwords were stolen and could be used to access bank accounts, virtual communication platforms, government services and even cryptocurrency wallets. Cybersecurity experts warn that this is an attack of unprecedented scale, which exposes billions of users around the world. In an interview with Le Figaro, Sébastien Martin, president of the Web3 Security League, explains the risks and offers crucial advice for protecting personal data.

On June 19, a news site revealed a data leak that could be the largest of its kind. Sébastien Martin, president of the Web3 Security League and CEO of RAID Square, answers five questions to shed some light on the subject.

The news came as a shock. On June 19, cybersecurity website Cybernews revealed the largest data breach in history, with nearly 16 billion login credentials stolen. “This is not a simple leak, but a massive exploitation plan,” the publication claims. Malware was allegedly used to steal user data – especially Portuguese speakers – from Apple, Facebook, Google, Telegram, but also from VPN services and government institutions. Although “the information remains to be confirmed,” Sébastien Martin offers his first analysis and advice for users.

Malware was allegedly used by criminal networks to extract data, like a vacuum cleaner. We are talking about a phenomenal amount of information – if it is true, it is completely astonishing”, says the specialist. One aspect particularly alarms him: the mention of “government websites, which will need to be defined more clearly”. “It seems a bit strange to me that hackers had access to data from all countries”, notes Sébastien Martin.

He also wonders about the targeting of Portuguese-speaking users: “There could be several explanations ‒ a stronger presence of these criminal networks in these regions, a common vulnerability, or perhaps behaviour of these users that was considered more interesting?

What information was stolen and how?

We are talking about usernames and passwords that can be used to access, for example, users’ bank accounts,” explains the expert. If billions of people could be affected by this data leak, “many use the same credentials on multiple platforms.” “Once you have access to a Gmail address, you can identify all the associated accounts, with the enormous risks that arise from this,” warns Sébastien Martin. This data can then be sold, “at different price ranges.” “It’s a bit like a classic market, with supply and demand depending on the sensitivity of the data,” he explains.

To steal this data, cybercriminals have several methods at their disposal, starting with “cookies that infiltrate the user’s computer space.” Through this means, cybercriminals can observe the user’s online activities. Another method is to infiltrate “the computer’s cache,” where passwords and logins are stored.

What do cybercriminals use this data for?

The problem is that these criminals can map out the people whose credentials have been compromised, based on their online habits,” the president of the Web3 Security League points out. According to him, “the depth of the data involved is phenomenal, with accounts that can be identified as holding cryptocurrencies” – a type of account that has been increasingly targeted by physical attacks in recent weeks. Cybercriminals can also use this information for “identity theft” or “fraudulently using bank cards.” “It is necessary to clearly understand that it is not just a password and a username, but access to your entire digital life,” the specialist insists.

How can we protect ourselves from these cyber attacks?

When in doubt, the first step is to enable two-step authentication for all accounts, change your passwords and, why not, use a physical authentication device,” recommends Sébastien Martin. Apps like Gmail, WhatsApp or Telegram require, for example, scanning a QR code with your phone or validating the authentication via another device to verify the user’s identity. “It is also necessary to pay attention to your account history and activate notifications for logins from unknown locations or devices,” adds the expert.

Will cyber attacks become more common?

This attack raises serious questions about the responsibility of platforms in preserving user data,” warns the director of RAID Square. In his opinion, “the stakes now are that platforms not only implement the best cybersecurity tools, but also demand the same from their partners and subcontractors.” Thus, “the entire value chain needs to be protected,” otherwise we risk living “in a digital world full of vulnerabilities.”

For now, the information published by Cybernews has neither been confirmed nor denied by the platforms concerned. However, the specialized website Bleeping Computer claims that it is “a compilation of previously leaked and stolen login data by hackers, already exposed following previous security breaches”. Therefore, virtual communication networks, VPN services and government websites would not have been “recently compromised”. According to the cited source, this “login data has already been circulating for some time and has been collected and repackaged in a new database published on the internet”. Therefore, we will have to wait a little longer to understand the exact extent of the incident and to find out if, in fact, new information has been leaked on the internet.

 

yogaesoteric
June 30, 2025

 

Also available in: Română

You might also like More from author
Leave A Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More