Massive leak of 16 billion passwords affecting Apple, Google and Facebook users. What to know

An incredible 16 billion passwords have been leaked in what tech experts are calling the largest data breach ever. The breach contains a massive amount of information that can affect billions of online accounts since cybercriminals now have access to a massive amount of login credentials. Cybernews researcher Vilius Petkauskas, whose team has been investigating the online theft since the beginning of the year, told Forbes Magazine that the breach comprised “30 exposed datasets” including logins from Apple, Google, Facebook and more. A Cybernews report details that the stolen records from the 30 databases, each contain up to 3.5 billion passwords from social media and VPN logins to corporate platforms. These aren’t just “old breaches being recycled” but rather “fresh, weaponizable intelligence at scale,” the Cybernews researchers warned. Here’s how to find out if you’re affected and how to stay safe. What has been exposed in the leak? Currently, almost all major platforms have been affected, including Apple accounts (formerly Apple IDs), Gmail, Facebook and GitHub, as well as instant messaging platforms such as Telegram and commercial and government platform portals. The data appears to contain URLs, usernames and passwords. “However, with the unfathomable size of the data that’s been exposed, there’s no way to tell how many accounts are currently under threat,” reports tomsguide.com . The stolen data appears to come from several infostealers (malicious software created to breach computer systems and steal sensitive information, such as login details). The datasets are reportedly new, but the sheer amount of info could also be from a mix of different datasets from previous breaches. One of those previous breaches included a database containing 184 million records, as reported by Wired Magazine in May. How can you protect your accounts? First, check on your accounts. To find out if your login credentials have been affected, you could use: Have I Been Pwned . Second, change passwords to affected accounts, but consider doing it anyway with any major accounts where you may be at risk. (Apple, Facebook, Google). Third, a recommended method to keep your accounts secure is to enable two-factor authentication (2FA). This is intended to stop threat actors from easily accessing your online accounts. A second-step authentication through an app, phone, passcode or a physical USB key will need to be approved by you. If you haven’t already, find out how to enable 2FA here . Fourth, delete unused accounts and consider using a password manager to secure your online accounts. A password manager provides a secure place to store all your passwords in one place, so you can autofill them into a website or app instead of remembering all of them. Fifth, consider using passkeys instead of passwords . Passkeys aim to keep your accounts more secure by using passwordless logins instead of traditional passwords. Each passkey is unique — a digital key that can’t be reused. They’re also stored in an encrypted format on your devices, instead of on a company’s server. That keeps them safe from a data breach.

• Global Affairs investigating 'malicious' hack after VPN compromised for over one month
• China-backed hacker hijacked 9,200 Canadian devices to operate illegal hacking network: FBI and CSIS

Our website is the place for the latest breaking news, exclusive scoops, longreads and provocative commentary. Please bookmark nationalpost.com and sign up for our daily newsletter, Posted, here.