Pakistan’s National Cyber Emergency Response Team (NCERT) has issued a critical advisory urging citizens to change their social media and online service passwords following a massive global data breach that exposed 184 million unique account credentials.
The advisory, released on Monday, warned that usernames, passwords, emails, and related URLs linked to platforms like Google, Microsoft, Apple, Facebook, Instagram, and Snapchat—as well as government portals, banks, and healthcare services—were leaked. The breach is believed to stem from infostealer malware, which extracts sensitive data from compromised systems.
Shockingly, the leaked data was stored in plain text without any encryption or password protection, leaving it easily accessible online without authentication barriers.
Potential Impacts
NCERT cautioned that the exposed data could lead to:
- Credential stuffing attacks – automated login attempts using reused credentials.
- Account takeovers – unauthorized access to user accounts and services.
- Identity theft and fraud – misuse of digital identities for scams.
- Ransomware and cyber-espionage – targeted attacks on individuals and organizations.
- Government and critical infrastructure compromise – infiltration of sensitive systems.
- Phishing and social engineering – tailored scams based on personal information.
Nature of the Threat
The breach was described as a “low complexity” attack, requiring user interaction only during the initial malware infection phase. The compromised database—classified as a “Data Breach, Credential Theft, and Malware Dump”—was found publicly hosted with no access restrictions. Its risk level was marked “CVSS contextually HIGH.”
The threat affects global users, with sensitive information from major platforms, financial services, and government systems included in the breach. Businesses, government agencies, and healthcare institutions are at high risk, with patient data and internal systems potentially exposed.
Exploitation Methods
Attackers may exploit this breach by:
- Using reused passwords to hijack accounts.
- Crafting targeted phishing scams using historical data.
- Launching social engineering attacks based on leaked content.
- Deploying malware using stolen email/password combinations.
- Accessing critical business and government accounts without authorization.
Recommended Mitigation Steps
NCERT strongly advises all users to:
- Immediately change passwords and use strong, unique ones for each service.
- Enable multi-factor authentication (MFA) for enhanced security.
- Stay alert to suspicious emails, messages, or calls.
- Monitor account activity for signs of unauthorized access.
- Use password managers and avoid storing credentials in unprotected files or emails.
- Use credible breach-checking tools to see if your information has been exposed.
- Install endpoint protection capable of detecting infostealer malware.
For Organizations
Organizations are advised to:
- Implement annual password rotation policies.
- Apply the principle of least privilege to sensitive systems.
- Train employees on secure credential handling and phishing threats.
- Monitor email activity for signs of data exfiltration.
- Keep security software and malware definitions up to date.
- Apply strict controls on cloud storage services.
- Enable logging for unusual login attempts and suspicious IP access.
- Use SIEM tools for advanced anomaly detection.
- Update incident response plans to cover credential breach scenarios.
- Conduct mock drills simulating large-scale credential abuse.
No Software Patch Available
As this incident involves exposed credentials due to malware and mishandled data, it cannot be resolved through software patches. Mitigation depends entirely on improving security practices, rotating passwords, and maintaining cyber hygiene.
Urgent Call to Action
NCERT has called on all individuals and organizations to act swiftly: change compromised credentials, enforce MFA on critical services, educate users on password reuse risks, and regularly monitor accounts for suspicious activity.
Citizens are also urged to avoid storing sensitive information in unsecured emails or cloud accounts. Prompt action is critical to minimizing the damage from this extensive breach and protecting against further compromise.