The National Cyber Emergency Response Team (PKCERT) on Monday issued an advisory warning that the login credentials and passwords of more than 180 million internet users in Pakistan have been stolen in a global data breach, urging people to take immediate protective measures.According to the advisory, PKCERT identified the global breach involving a publicly accessible, unencrypted file containing more than 184 million unique account credentials.
“The breach exposed usernames, passwords, emails and associated URLs tied to services from Google, Microsoft, Apple, Facebook, Instagram [and] Snapchat, as well as government portals, banking institutions, and healthcare platforms worldwide,” the advisory read.
“The leaked database is believed to have been compiled using infostealer malware – malicious software that extracts sensitive information from compromised systems,” it added. “This data was stored in plain text and left completely unprotected, with no encryption or password safeguarding.”
PKCERT is a federal government entity responsible for protecting Pakistan’s digital assets, sensitive information, and critical infrastructure from cyberattacks, cyberterrorism, and cyber espionage.
It outlined the potential impacts of the data breach, warning that the stolen credentials could be used for account takeovers, identity theft and unauthorised access to government portals or other sensitive sites, among other potential threats.
The advisory highlighted that the publicly hosted database was storing credentials stolen from “infected endpoints” without any form of authentication or protection and “included sensitive login information for major platforms, enterprises, government agencies, and financial institutions”.
“Attackers may exploit this breach through credential stuffing across services with reused passwords; phishing attacks using associated emails and historical data; targeted social engineering leveraging exposed personal content; unauthorised access to business and government accounts; and malware deployment using existing email and password combinations,” the advisory warned.
PKCERT advised users to change their passwords and enable multi-factor authentication on all of their online services, particularly on financial and administrative accounts. “Use unique, complex passwords for every online service, avoid storing passwords in emails or unprotected files [and] consider a password manager to securely handle account credentials,” the advisory recommended.
The advisory also recommended that people change their passwords annually and use a credible online service to find out about potential breaches.
“Timely action is essential to limit the impact of this massive credential breach and prevent subsequent compromise of systems and identities,” it wrote, urging people to change compromised credentials, enforce multi-factor authentication and educate users on the risks of data breaches.