1.0 Introduction
On June 18, 2025, Cybernews revealed that approximately 16 billion login credentials, including passwords for Google, Apple, Facebook, Telegram, GitHub and others, were captured in around 30 unique datasets and briefly exposed online. Researchers confirmed that no centralised breach occurred at any of these services, and that this is the most significant leak ever. According to the researchers, the data originated from a compilation of multiple infostealer malware logs, repackaged breaches, and misconfigured cloud storage instances.
These credential collections surfaced due to hackers harvesting data via infostealer malware, malicious agents that infiltrate personal computers and siphon credentials stored in end users' browsers, apps, or files. The harvested data was then aggregated into massive, searchable datasets for criminal exploitation.
2.0 Impact
The exposure of such a vast number of credentials poses a significant security risk to individuals and organisations. The dataset includes usernames and passwords, browser-stored data, autofill information, cookies, and session tokens, potentially enabling threat actors to bypass multi-factor authentication and gain persistent access to victim accounts. The credentials span various sectors, including email platforms, social media accounts, e-banking portals, corporate services, and government platforms, making the threat truly global and multi-industry.
Victims of this breach may face credential stuffing attacks, phishing, identity theft, and financial fraud. Since some of the data was found to be freshly harvested, and not merely historical, many affected accounts are likely still vulnerable. Moreover, since infostealer infections often go unnoticed by users, many victims may remain unaware that their data has been compromised.
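For administrators, one way to spot the stolen session token reuse described above is to compare each request against the context in which the session completed MFA. This is an added example, not part of the original advisory; the event format, field names and sample log lines are constructed assumptions.

```python
# Constructed sample events (not real data):
# (timestamp, event, session_id, user, source_ip, user_agent)
SAMPLE_EVENTS = [
    ("2025-06-20T08:01:12Z", "mfa_ok",  "s-1001", "aina",  "203.0.113.10",  "Chrome/125 Windows"),
    ("2025-06-20T08:05:40Z", "request", "s-1001", "aina",  "203.0.113.10",  "Chrome/125 Windows"),
    ("2025-06-20T09:17:03Z", "request", "s-1001", "aina",  "198.51.100.77", "python-requests/2.31"),
    ("2025-06-20T08:30:00Z", "mfa_ok",  "s-1002", "farid", "192.0.2.44",    "Firefox/126 Linux"),
    ("2025-06-20T08:45:10Z", "request", "s-1002", "farid", "192.0.2.45",    "Firefox/126 Linux"),
    ("2025-06-20T10:02:00Z", "request", "s-1003", "mei",   "198.51.100.77", "python-requests/2.31"),
]


def find_replayed_sessions(events):
    """Return findings for sessions used outside the context that passed MFA."""
    origin = {}  # session_id -> (ip, user_agent) recorded when MFA completed
    findings = []
    # ISO 8601 UTC timestamps sort correctly as plain strings.
    for ts, event, sid, user, ip, ua in sorted(events):
        if event == "mfa_ok":
            origin[sid] = (ip, ua)
            continue
        if sid not in origin:
            # Token in use with no recorded login: imported from elsewhere,
            # or the login predates the log window.
            findings.append((sid, user, "no_login_seen", ts))
        elif ua != origin[sid][1]:
            # A browser does not change client software in the middle of a session.
            findings.append((sid, user, "user_agent_changed", ts))
        elif ip != origin[sid][0]:
            # Weak signal on its own: mobile and VPN users roam between addresses.
            findings.append((sid, user, "ip_changed", ts))
    return findings


def sessions_to_revoke(findings):
    """Session IDs with a strong signal; ip_changed alone is left for review."""
    strong = {"no_login_seen", "user_agent_changed"}
    return sorted({sid for sid, _, reason, _ in findings if reason in strong})


if __name__ == "__main__":
    results = find_replayed_sessions(SAMPLE_EVENTS)
    for finding in results:
        print(finding)
    print("revoke:", sessions_to_revoke(results))
```

Revoking a flagged session server-side forces a fresh login with MFA, which is the service-side counterpart of the "log out of all active sessions" recommendation below.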
3.0 Recommendations
In light of the exposed credentials, CyberSecurity Malaysia recommends that users and administrators review this advisory and take the recommended mitigations for immediate protection against the impact of information-stealing malware and other information-stealing incidents that could occur on their computers.
- Change your password if you suspect it has been compromised and leaked. Avoid reusing the same password across multiple platforms. Each account should have a complex password containing upper and lowercase letters, numbers, and special characters. This limits damage if one account is compromised.
- Infostealers commonly extract credentials from browsers. Instead of using browser storage, use a reputable password manager (like Bitwarden, 1Password, or KeePassXC).
- Manually remove saved passwords and autofill data from browsers (e.g., Chrome > Settings > Autofill > Password Manager). This limits what malware can extract if infected.
- Log out of all active sessions on your email, social media, and financial accounts. Revoke access for unfamiliar devices or third-party apps linked to your account.
- Even if you haven’t noticed suspicious activity, proactively change passwords for email, financial, and work-related accounts every few months.
- Internet users must be vigilant about the risks of downloading and running files from unknown sources.
- Be cautious about clicking on ads that offer free downloads or seem too good to be true, even on trusted platforms like Meta. Always verify the source before downloading any software.
- Users must always download applications from the respective vendors' official websites.
- Users should be wary and suspicious of applications circulated on social media for downloads.
- Users must not simply click on any links or executables they receive via social media and other messaging applications.
- Enable and use up-to-date anti-virus software to detect and remove malicious files before they can cause any damage.
- Enable Two-Factor Authentication (2FA). Ensure 2FA is enabled on your Facebook account, particularly if you use it for business purposes. This will add an extra layer of security in case your credentials are compromised.
- Apply security updates and patches regularly.
- Monitor Your Facebook Business Accounts. Regularly check your business accounts for unauthorised access or suspicious activity. If you see unusual behaviour, report it immediately to Facebook and change your login credentials.
- Contact relevant authorities, such as CyberSecurity Malaysia, for inquiries and assistance related to cyber threats or suspicious activities users observe online.
- Users are also encouraged to report directly to the Service Providers or the social media platform concerning the circulation of posts or ads with suspicious links.
Generally, CyberSecurity Malaysia advises users to stay up to date with the latest security announcements by the vendor and to follow best practice security policies to determine which updates should be applied.
For further enquiries, don't hesitate to get in touch with Cyber999 through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 - 17:30 MYT
Web: https://www.cybersecurity.my
4.0 References
- https://timesofindia.indiatimes.com/technology/tech-news/16-billion-passwords-leaked-on-internet-what-you-need-to-know-to-protect-your-facebook-instagram-gmail-and-other-accounts/articleshow/121967191.cms
- https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/
- https://www.indiatoday.in/technology/news/story/16-billion-passwords-allegedly-leaked-in-massive-data-breach-experts-warn-no-service-is-safe-2743486-2025-06-20
- https://www.news.com.au/technology/online/hacking/16-billion-apple-facebook-google-passwords-exposed-in-historic-data-leak-report/news-story/19ea7c26d818e2213adc5591941f161f
- https://www.forbes.com/sites/daveywinder/2025/06/20/16-billion-apple-facebook-google-passwords-leaked---change-yours-now/