Over 180 million login credentials leaked in global data breach, warns PKCERT
Data included accounts from Google, Facebook, banking, healthcare and government portals
PKCERT urges users to change passwords, enable two-factor authentication and use password managers
The National Cyber Emergency Response Team (PKCERT) has issued a serious warning for internet users in Pakistan after discovering that over 180 million login credentials and passwords have been leaked in a major global data breach.
According to a detailed advisory, this breach involved a publicly available file that contained 184 million unique usernames, passwords, emails and related web addresses. Shockingly this data was stored in plain text means it was not encrypted or protected by any password.
The leaked information includes credentials for many well known services:
- Google
- Microsoft
- Apple
- Facebook
- Instagram
- Snapchat
- Government websites
- Banking portals
- Healthcare platforms
🚨 184M+ login credentials exposed in an unprotected database – including logins from gov domains in 29 countries, @Apple , @Google & @Meta . No one knows who compiled it.
— Matter-ID (@MatterIdentity) May 26, 2025
🔐 Another reminder: data hygiene isn't optional.
📎 Full story via @WIRED : https://t.co/vKsbHkCvou…
According to PKCERT, the stolen data was collected using infostealer malware. It is a type of virus or malicious software that steals personal information from infected devices. This information was then stored and made public without any security protections.
PKCERT warned that this breach could lead to:
- Hacked accounts (account takeovers)
- Identity theft
- Unauthorized access to sensitive websites
- Phishing scams
- Social engineering attacks using personal data
- Malware attacks using known email/password combos
PKCERT is advising all internet users in Pakistan to take these steps immediately:
- Change all your online account passwords especially for bank and government accounts.
- Enable Two-Factor Authentication (2FA) on all important accounts.
- Use different and strong passwords for every service.
- Avoid saving passwords in emails or unsecured files.
- Use a reliable password manager to store and organize passwords.
- Check if your data has been part of any breach using credible websites.
- Change your passwords every year as a safety habit.
PKCERT said that quick action is necessary to protect your online identity and prevent further problems caused by this massive breach.
Also read this: COAS Asim Munir Meets Pakistan Crypto Council Chief to Discuss Digital Future
