Massive Cyber Breach Hits Over 180 Million Users: PKCERT Issues Urgent Warning

Global Data Breach Compromises Millions of Accounts
Pakistan’s National Cyber Emergency Response Team (PKCERT) has issued a critical advisory following a massive global data breach that exposed login credentials and passwords of over 180 million internet users, including millions in Pakistan.

Credentials Stored in Unencrypted, Public File
According to the advisory seen by Dawn.com, the stolen data—comprising over 184 million unique account credentials—was found in a publicly accessible file, completely unprotected, and stored in plain text with no encryption or security safeguards.

Major Platforms Affected Worldwide
The breach involved user data linked to major services including Google, Microsoft, Apple, Facebook, Instagram, and Snapchat, as well as sensitive portals in government, banking, and healthcare sectors globally, raising serious security concerns.

Infostealer Malware Behind the Breach
PKCERT revealed the breach was likely caused by infostealer malware. This malicious software extracts confidential data from infected systems, leaving users exposed to account hijacking, identity theft, and other cyber threats.

Exposed Data Includes Sensitive User Information
The compromised data includes usernames, passwords, email addresses, and associated URLs. This leaked information was harvested from infected endpoints and shared online without any form of authentication or protective measures.

Wide Range of Cyber Threats Identified
PKCERT warns the stolen data could be used for credential stuffing, phishing, social engineering, unauthorized system access, and malware attacks, particularly targeting reused passwords across different platforms and services.

Immediate Action Strongly Recommended
Users are urged to change all passwords, especially for financial and administrative accounts, and activate multi-factor authentication to safeguard digital identities against potential misuse of the stolen credentials.

Use Strong, Unique Passwords for All Accounts
PKCERT advises users to avoid storing passwords in unsecured locations like email drafts. Instead, use complex, unique passwords for every service and consider using a reliable password manager for better security.

Make Password Security a Regular Habit
People are also encouraged to update their passwords annually and check their credentials using trusted breach detection tools. Timely action can significantly reduce the risk of further cyber compromise.

Nadra Data Leak Also Under Investigation
In a related case, a Joint Investigation Team found that 2.7 million Pakistani citizens’ data had been compromised between 2019 and 2023 in a breach involving Nadra offices in Karachi, Multan, and Peshawar.

JIT Recommends Accountability Measures
The probe, led by a Federal Investigation Agency official, concluded with recommendations for action against officials allegedly responsible for the Nadra breach. The report was submitted to the Interior Ministry earlier this year.

Public Awareness and Cyber Hygiene Essential
PKCERT emphasizes the importance of user education in combating cyber threats. Understanding data breach risks and adopting protective practices like password hygiene and authentication protocols can help minimize the damage from such large-scale attack.

Also Read: Car Hits Crowd at Liverpool FC Parade, 47 Injured –