What we know about the world's largest data breach
What happened?
On June 18, Cybernews publicly reported that its researchers had discovered 30 datasets online containing 16 billion records of user login information (URLs and login details) for “pretty much any online service imaginable.” This shocking discovery includes big names like Apple, Facebook, and Google. Among the 16 billion records were 3.5 billion passwords.
Considering that this kind of data is often retrieved by malware, the discovery demonstrates that these records are the result of numerous infostealer attacks (infostealers are malicious software created to breach computer systems and steal sensitive information, like login details).
Cybernews researcher Vilius Petkauskas went on to explain that the datasets do include overlapping records (some of the data may have already been exposed in previous breaches); however, the sheer size of the collection makes it challenging to compare individual records and determine the actual total number of users who were exposed. The exposed datasets had not been previously reported, except for one that was discovered by Jeremiah Fowler. Fowler discovered 184,162,718 unique logins and passwords (an insanely huge 47.42GB of raw data) for Apple, Discord, Facebook, Google and Instagram.
The datasets were only temporarily available; they were taken down a while after being discovered. Cybernews claims that new databases appear “every few weeks” with “fresh, weaponizable intelligence”; however, they are potentially not new. The origins of the datasets and who is behind the data collection currently remain a mystery.
What do we do now?
As of right now, virtually all major platforms have been affected, including Apple accounts (also known as Apple IDs), Gmail, Facebook and GitHub, as well as instant messaging platforms such as Telegram and commercial and government platform portals.
The first step is to check in on your accounts.
To find out if your login credentials have been affected, you can use Have I Been Pwned.
Next, protecting ourselves from malware means avoiding downloading software from repositories such as GitHub and other download sites. Apple vets the software in the Mac App Store, which is perhaps the safest way to get apps. However, if you prefer not to patronize the Mac App Store, you take a risk. Buying software directly from the developer's website might be safe if the developer is trustworthy, but how are you able to establish that trust?
You remain at risk of malware exposure if you continue to use cracked software or software from untrusted sources. Furthermore, it is recommended that you be diligent about not opening links in emails or texts you receive from anonymous and unexpected sources. If you get a message that looks like it is from an entity that you are actually conducting business with, check the sender’s email address and inspect the URL carefully. If you see a link or button, you can Control-click it, select Copy Link, and then paste it into a text editor to see the actual URL and check it. Phishing attacks often involve a user inadvertently visiting a website with a mistyped URL, which makes verifying the URL you have typed into your browser crucial.
So even if that email or text comes from what appears to be a trusted source, if your spidey sense tingles, verify it or call the person who allegedly sent you that text or email!
Tip: Bookmark the sites you visit on a regular basis, so you don’t have to type in the URL every time you visit.
At other times you can use a search engine: type the name of the place you want to visit, and then click on the link after looking at the URL it goes to. For example, type “Macworld” into the search engine you use, and then click on the link that points to www.macworld.com. This course of action isn’t as efficient, but if you make a typo, you’ll see it in the search and the search engine will steer you back on the right track. Attackers take advantage of search engine typos too. A site like www.whatismyip.com could be spoofed by using v’s instead of w’s: www.vvhatismyip.com. A quick glance at the domain name might not be enough! Detect and protect!
It is better to be safe than sorry, they say.
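The link-inspection and look-alike checks described above, as an added Python example that is not part of the original article: it compares the host of a pasted link against a list of bookmarked hosts. The trusted list, the sample links, and the extra folds ("rn" for "m", "0" for "o", "1" for "l") are assumptions that go beyond the article's "vv" for "w" case.

```python
from urllib.parse import urlsplit

# Constructed stand-in for a user's bookmarks (assumption, not from the article).
TRUSTED_HOSTS = {"www.whatismyip.com", "www.macworld.com"}

# Look-alike folds: "vv" for "w" is the article's example, the rest are assumed extras.
SEQUENCE_FOLDS = (("vv", "w"), ("rn", "m"))
CHAR_FOLDS = str.maketrans("01", "ol")


def host_of(url):
    """Return the lowercase hostname of a pasted link, or "" if it has none."""
    if "//" not in url:
        url = "//" + url  # lets urlsplit read a bare "www.example.com/path" as a host
    return (urlsplit(url).hostname or "").rstrip(".")


def skeleton(host):
    """Fold look-alike characters so visually similar hosts compare equal."""
    host = host.translate(CHAR_FOLDS)
    for fake, real in SEQUENCE_FOLDS:
        host = host.replace(fake, real)
    return host


def edit_distance(a, b):
    """Levenshtein distance, used to catch single-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url, trusted=TRUSTED_HOSTS):
    """Classify a link as 'trusted', 'lookalike of <host>', or 'unknown'."""
    host = host_of(url)
    if host in trusted:
        return "trusted"
    for good in sorted(trusted):
        if skeleton(host) == skeleton(good) or edit_distance(host, good) <= 1:
            return "lookalike of " + good
    return "unknown"


if __name__ == "__main__":
    for link in ("https://www.whatismyip.com/", "http://www.vvhatismyip.com/"):
        print(link, "->", check_link(link))
```

A "lookalike" result means the host is not on the list but would pass a quick glance; an "unknown" result only means it resembles nothing on the list, not that it is safe.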
The next steps
If you do believe or see signs that your data is exposed in a breach, there are measures you can take to lock down your information:
An open-ended conclusion to an even bigger question?
While the internet offers incredible benefits and the examples are endless, with all our access to the many accounts we seem to need these days, it also presents an extraordinary number of risks. We are not entirely safe online, but being diligent, taking precautions and staying up to date on emerging threats can significantly reduce these risks. Making sure your personal information is private online is critical to preventing identity theft, financial fraud, scams and other insidious activities, as explained in our previous articles.
Oversharing your personal data can leave you vulnerable to all of the above, and sometimes even to physical harm (watch for our future article delving into the dark side of this dilemma).
Keeping your information private also helps you maintain control over your online reputation and prevents manipulation by third parties.
Constantly changing passwords, as well as using different passwords for the array of platforms we are bombarded with, is a mandatory first step (check out Cyber Smart in Your Senior Years for password organizers and examples).
With the right guidance, we can stay vigilant about our online safety, but it does raise an important question: how worried should we really be?