ISLAMABAD – A significant global cybersecurity incident has exposed more than 184 million account credentials linked to major platforms including Google, Microsoft, Apple, Facebook, Instagram, and government and banking services.
The breach stemmed from a publicly accessible, unencrypted file believed to have been compiled using “infostealer malware.” The National Cyber Emergency Response Team of Pakistan has issued an advisory.
The database, which lacked any form of protection, included usernames, passwords, emails, and URLs. Experts warn the exposed data may fuel identity theft, phishing attacks, account takeovers, and unauthorized access to critical systems.
Security agencies urge users to change passwords, activate multi-factor authentication (MFA), and avoid password reuse. Organizations are advised to enhance employee awareness, monitor suspicious activities, and reinforce security protocols.
“Immediate action is recommended to mitigate associated risks and to secure systems potentially impacted by this breach,” read the advisory.
Impact
Successful exploitation of the leaked credentials may result in:
- Credential Stuffing Attacks – Automated login attempts across services using reused credentials.
- Account Takeovers (ATO) – Unauthorized access to user accounts and personal services.
- Identity Theft & Fraud – Theft of digital identity for committing scams or impersonation.
- Ransomware Deployment & Espionage – Targeted attacks on individuals and enterprises.
- Government & Critical Sector Compromise – Unauthorized access to sensitive government systems.
- Targeted Phishing & Social Engineering – Tailored scams using personal communication history.
Immediate Remediation
The response team has urged Pakistanis to change all passwords, especially if reused across accounts.
“Activate Multi-Factor Authentication (MFA) on all services, especially financial, email, and administrative accounts. Notify affected users if internal addresses or user accounts may be in the leaked dataset.”