May 27, 2025
Pakistan’s National Cyber Emergency Response Team (NCERT) has urged citizens to change their social media passwords after a major global data leak exposed 184 million unique account credentials.
In an advisory issued on Monday, the body said that the breach exposed usernames, passwords, emails, and associated URLs tied to services from Google, Microsoft, Apple, Facebook, Instagram, Snapchat, as well as government portals, banking institutions, and healthcare platforms worldwide.
The leaked database is believed to have been compiled using infostealer malware — malicious software that extracts sensitive information from compromised systems.
This data, the advisory mentioned, was stored in plain text and left completely unprotected, with no encryption or password safeguarding.
The body said that immediate action is recommended to mitigate associated risks and to secure systems potentially impacted by this breach.
Successful exploitation of the leaked credentials may result in:
1. Credential stuffing attacks — automated login attempts across services using reused credentials.
2. Account takeovers — unauthorised access to user accounts and personal services.
3. Identity theft and fraud — theft of digital identity for committing scams or impersonation.
4. Ransomware deployment and espionage — targeted attacks on individuals and enterprises.
5. Government and critical sector compromise — unauthorised access to sensitive government systems.
6. Targeted phishing and social engineering — tailored scams using personal communication history.
The NCERT advisory highlights the severe implications of this breach, which appears to be a dump of data collected by information-stealing malware. The compromised database was found to be publicly hosted and lacked any authentication controls, making it easily accessible to anyone with an internet connection.
The database included sensitive login information for major platforms, enterprises, government agencies, and financial institutions.
This "low complexity" attack vector means that while user interaction was initially required for the malware infection, the data leak itself was unhindered, requiring "none" for access.
The threat is classified as a "Data Breach, Credential Theft, and Malware Dump," with an estimated risk score of "CVSS contextually HIGH," according to the advisory.
Multi-national government agencies are at risk and banking and financial accounts could be compromised.
As a result of this breach, sensitive patient data and access could be exposed. Businesses also face a significant threat to their internal systems and data.
The advisory also warned that attackers can exploit this breach in multiple ways. Passwords reused across different services leave users vulnerable to widespread account takeover.
Exposed email addresses and historical data can be used to craft highly convincing and targeted phishing scams.
Additionally, attackers can exploit this breach via targeted social engineering leveraging exposed personal content, unauthorised access to business and government accounts, and malware deployment using existing email/password combinations.
The NCERT's directive strongly advises individuals to change passwords immediately and create strong, unique passwords for all social media accounts and other critical online services.
It also advises enabling multi-factor authentication (MFA) for an added layer of security and exercising extreme caution with suspicious emails, messages, or calls.
The advisory also advised citizens to keep an eye on account activity for any unauthorised access.
The global nature of this breach means that individuals and organisations across Pakistan are at heightened risk.
According to the advisory, citizens must avoid storing passwords in emails or unprotected files and consider a password manager to securely handle account credentials.
In addition, it is recommended to use any credible online service that helps you find out if your email address, phone number, or other personal data has been exposed in a data breach.
Citizens must also monitor account login activity for anomalies and deploy endpoint protection software capable of detecting infostealer variants.
As for organisations, they must enforce password rotation policies at least annually and apply the least privilege principle across systems with sensitive access.
They must also educate employees on secure credential management and phishing awareness.
The advisory also advises using email activity monitoring tools to track data exfiltration and updating security software and malware definitions regularly.
Apply strict controls on cloud storage services to prevent misuse, the advisory said.
Enable logging for unusual login attempts and credential stuffing indicators and monitor for access from suspicious IP addresses or geographies.
Use SIEM tools to track and correlate anomalies across accounts and services.
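As an added illustration (not part of the NCERT advisory or this article), here is one way to surface the credential stuffing indicator described above: a single source IP failing logins across many distinct usernames in a short window. The log format, thresholds and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; assumed format: "timestamp src_ip username result"
SAMPLE_LOG = """\
2025-05-27T09:00:01 203.0.113.7 alice FAIL
2025-05-27T09:00:02 203.0.113.7 bob FAIL
2025-05-27T09:00:03 198.51.100.20 henry FAIL
2025-05-27T09:00:04 203.0.113.7 carol FAIL
2025-05-27T09:00:05 203.0.113.7 dave FAIL
2025-05-27T09:00:06 203.0.113.7 erin FAIL
2025-05-27T09:00:08 203.0.113.7 frank OK
2025-05-27T09:00:09 203.0.113.7 grace FAIL
2025-05-27T09:00:30 198.51.100.20 henry OK
2025-05-27T09:01:00 192.0.2.50 ivan OK
2025-05-27T09:01:10 192.0.2.50 judy OK
2025-05-27T09:01:20 192.0.2.50 kim OK
2025-05-27T09:01:30 192.0.2.50 lee OK
2025-05-27T09:01:40 192.0.2.50 mona OK
"""

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:  # skip malformed lines
            ts, ip, user, result = parts
            yield datetime.fromisoformat(ts), ip, user, result

def stuffing_suspects(log, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.8):
    """Flag IPs that fail logins across many distinct usernames within `window`."""
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[1]].append(event)
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            win = events[start:end + 1]
            users = {e[2] for e in win}
            fails = sum(e[3] == "FAIL" for e in win)
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                # Logins that succeeded from a flagged IP need a forced reset.
                ok = sorted({e[2] for e in events[start:] if e[3] == "OK"})
                findings[ip] = {"distinct_users": len(users), "succeeded": ok}
                break
    return findings
```

The all-successful logins from 192.0.2.50 (for example an office NAT gateway) are not flagged, because the failure ratio is weighed alongside the count of distinct usernames.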
Review and update incident response plans to include credential breach scenarios and validate MFA enforcement across business-critical platforms.
Conduct tabletop exercises simulating large-scale credential reuse attacks.
No software patch is applicable for this advisory as this incident pertains to credential exposure due to malware and improper data handling. Mitigation must be conducted via account protection, credential rotation, and security hygiene.
National CERT urged all organisations and individuals to change compromised credentials, enforce MFA across all critical services, educate users on password reuse risks and regularly monitor for suspicious account activity.
Furthermore, the advisory said that citizens must avoid storing sensitive data in unsecured email or cloud accounts.
Timely action is essential to limit the impact of this massive credential breach and prevent subsequent compromise of systems and identities.