
In an unsettling development in the sphere of cybersecurity, the National Cyber Emergency Response Team (NCERT) has warned that a major data breach has stolen over 180 million internet users in Pakistan.
The data breach is expected to involve a publicly accessible, unencrypted file containing login credentials of over 184 million unique accounts.
The NCERT advisory stated that the breach exposed usernames, passwords, emails, and URLs linked to top tech companies like Google, Microsoft, Apple, Facebook, Instagram, and Snapchat, as well as government sites and banks.
“The leaked database is believed to have been compiled using infostealer malware,” the advisory stated, adding that the data was stored unprotected in plain text.
It was also highlighted that the cyber violation might lead to account takeovers, identity theft, and unauthorised access to sensitive sites.
“Attackers may exploit this breach through credential stuffing across services with reused passwords,” the advisory warned.
Given the gravity of vulnerabilities in question, users are advised to change their passwords and enable multi-factor authentication across all online services, especially those involving finances. The advisory recommends using “unique, complex passwords for every online service and considering a password manager.”
Changing passwords annually and using reliable online services to check for potential breaches were among the top recommendations listed in the advisory, as it stressed “timely action" to limit the impact of this overwhelming data breach.