https://arab.news/yuut3
- Massive data breach has exposed 184 million passwords for Google, Microsoft, Facebook, other platforms
- NCERT spokesman recommends changing all passwords, especially if they were reused across accounts
ISLAMABAD: A spokesperson for Pakistan’s National Cyber Emergency Response Team (NCERT) said on Tuesday no breach had been reported by any government agency or private company following a data breach affecting 184 million Internet users worldwide.
NCERT released an advisory on May 25 regarding a major global data exposure incident involving a publicly accessible, unencrypted file containing more than 184 million unique account credentials. The breach exposed usernames, passwords, email addresses, and associated URLs linked to services from Google, Microsoft, Apple, Facebook, Instagram, Snapchat, as well as government portals, banking institutions, and health care platforms worldwide.
“As of now, no incidents of data breach have been reported to NCERT by any government or private organization within Pakistan,” Syed Imran Haider, the NCERT spokesperson, told Arab News, adding that his organization’s incident management response team was “vigilant, in contact with all relevant departments, and working around the clock” to monitor the situation.
“We are closely engaged with global CERTs and international cybersecurity platforms.”
NCERT had provided cybersecurity guidelines to all government departments, and each organization had established its own infrastructure for data protection, Haider said.
The leaked database is believed to have been compiled using infostealer malware, malicious software that extracts sensitive information from compromised systems, with the data then stored in plain text and left completely unprotected, with no encryption or password safeguarding, Haider explained.
The NCERT advisory had recommended changing all passwords, especially those reused across accounts, and to activate multi-factor authentication on all services, particularly financial, email, and administrative accounts.
“Users are advised to use unique, complex passwords for every online service, avoid storing passwords in emails or unprotected files, consider a password manager to securely handle account credentials,” the NCERT spokesman said.
Users were also advised to monitor account login activity for any anomalies and use credible online services that can help determine whether their email addresses, phone numbers, or other personal data have been exposed in a data breach.
Commenting on the potential impact of the breach, cybersecurity expert Dr. Shahid Sultan said Pakistani users were at risk of personal account hijacking, identity misuse, and targeted scams due to the leaked login credentials.
“Banking and financial service accounts may be compromised, enabling unauthorized transactions and potential financial loss,” he told Arab News, calling on all users and organizations to remain vigilant, report suspicious activities, and act on the precautionary measures suggested by NCERT.