Jun 24, 2025

Cyber Crisis or Compliance Opportunity? Learnings from the Latest Global Data Breach

16 billion login credentials from top platforms like Apple, Google, Facebook, Telegram, GitHub and even government websites stolen!!

  • A study conducted by the “Cybernews” journalists found these login credentials in the public domain.
  • Security researchers say this isn’t just an old dump of data that’s been floating around for years.
  • Most of the leaked credentials are said to be new, well-organised, and collected through a type of malware known as infostealers.
  • These malware programs silently steal usernames and passwords from people’s devices and send them to hackers, who either use them directly or put them up for sale on dark web forums.

Should you be worried?

  • Yes!!
  • The stolen data can be easily bought on the dark web, which makes almost every one of us vulnerable.
  • Cyberhackers can use the data for phishing attacks and account takeovers, and to gain access to various systems, access cloud services, hijack bank accounts, etc.

What to do now?

  • Change your passwords: Use strong passwords, i.e., a combination of numbers, words and symbols
  • Store your passwords in a special password manager
  • Do not reuse passwords everywhere
  • Enable multi-factor authentication on all your accounts
  • Remove saved passwords from browsers
  • Upgrade passwords to passkeys and social sign-ins on platforms such as Google, Telegram, WhatsApp, etc.
  • Do not accept any lottery/gift link received through messaging app channels
  • Check your WhatsApp and Telegram settings regularly to see what devices are connected. Disconnect any that look old or fishy
  • Monitor your account for suspicious activity

This breach is a wake-up call. The internet is becoming increasingly unsafe for users who rely on outdated login methods and reused passwords. The best defence is adopting modern authentication tools, maintaining digital hygiene and staying vigilant.

As cyber threats continue to evolve, organisations must adapt, staying ahead of adversaries to protect their data and safeguard their businesses and employees. Organisations need to follow a positive security approach to protect data and abide by legal rules. The DPDP Act, 2023, describes a number of preventive steps:

  • Implement robust security practices: Organisations need to deploy advanced encryption systems and security standards.
  • Employee training: Human error is a considerable factor in data breaches. Companies need to invest in training their staff on data security.
  • Vulnerability assessment: Conducting regular assessments helps identify and address vulnerabilities before they can be exploited.
  • Data classification: Classify sensitive data based on its importance and risk level.
  • Incident response management: Develop an incident response plan (IRP) outlining the process for handling a breach, minimizing damage, and conducting root cause and post-incident analysis.

Conclusion:

  • Compliance with the DPDP Act is not just about meeting legal obligations; it is about demonstrating a commitment to responsible data stewardship.
  • Organizations that prioritize strong data governance, incident response readiness, and continuous security enhancements will be better positioned to navigate regulatory challenges and protect consumer interests.

AUTHORED BY

Ms. Nikita Kothari

Partner & Head Data Protection Services

Chartered Accountant

nikita.kothari@indiacp.com

+91 91672 62727
