A colossal global data breach has exposed over 184 million unique credentials—including usernames, passwords, and email addresses—linked to major tech platforms such as Google, Microsoft, Apple, Facebook, Instagram, and Snapchat, as well as critical services in banking, government, and healthcare.
Pakistan’s National Computer Emergency Response Team (NCERT) has issued a high-alert advisory, revealing that the compromised data was collected via info-stealing malware and left unencrypted in an open, publicly accessible database.
NCERT reported that the database had no encryption or access controls in place, putting the information at extreme risk. The stolen credentials were silently harvested from infected systems without requiring user interaction. As the leaked database can be accessed without any authentication, experts fear a surge in credential stuffing attacks, where hackers attempt to log in to multiple services using stolen credentials.
READ MORE:
Car Plows Into Celebrating Liverpool Crowd, Leaving 27 Injured
The breach significantly increases the risks of identity theft, phishing attacks, account takeovers, and ransomware threats for both individuals and organizations. Government systems and sensitive sectors are particularly vulnerable to exploitation.
NCERT urges immediate action. Individuals are advised to change their passwords—especially for accounts where credentials are reused—and enable multi-factor authentication (MFA) on sensitive accounts.
Organizations are encouraged to notify affected users, conduct system audits, implement password rotation policies, and enhance monitoring. Additional recommendations include strong password practices, avoiding reuse across platforms, using password managers, deploying endpoint protection, updating malware definitions, and applying least privilege access controls.
As there is no software patch for this breach—since the root cause is malware and improper data storage—NCERT stresses that prevention and mitigation depend on proactive security practices and user awareness. A timely and unified response is critical to minimize damage and protect national cybersecurity infrastructure.
