
Cyber Watchdog Flags 16 Bn Credentials Leak: What Users Can Do to Stay Safe

Cybernews researcher Vilius Petkauskas found in June this year that 16 billion login credentials, described as the largest leak on record, were circulating online across 30 different datasets.


The Indian government's cybersecurity watchdog, the Computer Emergency Response Team (CERT-In), which operates under the Ministry of Electronics & Information Technology, has issued an advisory for Indian users. It flagged the exposure of approximately 16 billion login credentials, including usernames, passwords, authentication tokens, and associated metadata, from platforms such as Apple, Google, Facebook, Telegram, GitHub, and various virtual private network (VPN) services.

In an advisory dated June 23, CERT-In said that the leak presents a severe risk of unauthorised account access, identity theft, phishing, and a range of other cyberattacks. The cybersecurity body recommended a series of steps that individual users and organisations can take to reduce their exposure.

How to Stay Safe

CERT-In recommends that individuals update their passwords, enable multi-factor authentication (MFA), and transition to passkeys.

"Change passwords for all affected services, prioritising email, banking, social media, and government portals. Create strong, unique passwords (minimum 12 characters, including letters, numbers, and symbols). Avoid reusing passwords across services to prevent credential stuffing attacks. Make it a habit to change your passwords regularly," the advisory says.

It further adds that users should activate MFA on all accounts that support it, using authenticator apps, hardware tokens, or SMS-based verification. Of these, authenticator apps and hardware tokens are the stronger choice: SMS codes can be intercepted through SIM-swapping, so they should be a fallback rather than the first option. The government watchdog also asks users to transition to passkeys where supported (for example, on Apple and Google accounts), to enable password-less, phishing-resistant authentication using biometrics or device PINs.

"Run antivirus scans to detect and remove infostealer malware. Ensure operating systems, browsers, and applications are updated to address known vulnerabilities," it further adds.

For organisations and system administrators, adopting a zero-trust security model is highly recommended, as per the advisory. This includes enforcing MFA and applying least-privilege access controls across users and systems to minimise internal and external threats.

Monitoring systems for suspicious activity is also critical. Tools such as intrusion detection systems (IDS) and Security Information and Event Management (SIEM) solutions should be used to identify unauthorised access attempts and configuration changes. In the context of this leak, the pattern to watch for is credential stuffing: a single source trying leaked username and password pairs against many different accounts in a short period, followed by a successful login.

Securing data storage is another key priority. Databases should be audited to ensure they are not publicly accessible, and sensitive data, including stored credentials, must be encrypted.

Finally, conducting regular cybersecurity awareness training for employees, with a focus on phishing prevention and password hygiene, can significantly strengthen an organisation's overall security posture.
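As an added illustration of the kind of SIEM rule the advisory has in mind, the following Python script flags credential stuffing in authentication logs. It is example code written for this article, not code from CERT-In or Cybernews; the log line format is hypothetical and the sample lines are constructed for the example. The rule flags any source IP that fails logins against five or more distinct accounts within a five-minute window, and lists any accounts that IP then logged into successfully, which is the success-after-spray pattern that indicates a likely account takeover.

```python
"""Credential-stuffing detector over constructed authentication log lines.

Added example for this article, not from the CERT-In advisory. The log
format below is hypothetical; the sample lines are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Hypothetical log format: "<ISO timestamp> auth <result> user=<name> ip=<addr>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>success|failure) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

# Constructed sample: 203.0.113.7 sprays five distinct accounts in seconds and
# then gets a hit on "frank" (stuffing); 198.51.100.9 is one user mistyping
# her own password twice (benign); the lone later failure from 203.0.113.7 is
# outside the window and must not be merged into the spray.
SAMPLE_LOG = """\
2025-06-23T10:00:01 auth failure user=alice ip=203.0.113.7
2025-06-23T10:00:02 auth failure user=bob ip=203.0.113.7
2025-06-23T10:00:03 auth failure user=carol ip=203.0.113.7
2025-06-23T10:00:04 auth failure user=dave ip=203.0.113.7
2025-06-23T10:00:05 auth failure user=erin ip=203.0.113.7
2025-06-23T10:00:06 auth success user=frank ip=203.0.113.7
2025-06-23T10:00:10 auth failure user=grace ip=198.51.100.9
2025-06-23T10:00:12 auth failure user=grace ip=198.51.100.9
2025-06-23T10:00:20 auth success user=grace ip=198.51.100.9
2025-06-23T11:30:00 auth failure user=heidi ip=203.0.113.7
"""


def parse(log_text):
    """Parse log lines into event dicts, sorted by timestamp. Unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # a production pipeline would count and alert on parse failures
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return sorted(events, key=lambda e: e["ts"])


def detect_stuffing(events, window=timedelta(minutes=5), min_users=5):
    """Return {ip: {"distinct_users": n, "successes": [users]}} for every source IP
    whose failed logins cover >= min_users distinct accounts inside any `window`.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts = {}
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["result"] == "failure"]
        # Sliding window over this IP's failures: keep the largest set of distinct
        # usernames seen within any span no longer than `window`.
        start = 0
        best = set()
        for end in range(len(failures)):
            while failures[end]["ts"] - failures[start]["ts"] > window:
                start += 1
            users = {e["user"] for e in failures[start:end + 1]}
            if len(users) > len(best):
                best = users
        if len(best) >= min_users:
            # Any success from a spraying IP is a probable takeover and should be
            # escalated; a benign user does not fail across five accounts first.
            successes = sorted({e["user"] for e in evs if e["result"] == "success"})
            alerts[ip] = {"distinct_users": len(best), "successes": successes}
    return alerts


def run(log_text=SAMPLE_LOG):
    """Convenience entry point: parse and detect in one call."""
    return detect_stuffing(parse(log_text))


if __name__ == "__main__":
    for ip, info in run().items():
        print(f"ALERT {ip}: {info['distinct_users']} distinct accounts failed, "
              f"then succeeded as {info['successes'] or 'none'}")
```

The thresholds are assumptions for the example and should be tuned to the real login volume: too low and a shared office NAT address will trigger it, too high and a slow, distributed spray from many IPs will slip past per-IP counting, which is why production detections also track distinct source IPs per account and cross-reference the leaked credential sets themselves.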

How Data Leak Was Exposed

The leak was exposed by Cybernews researcher Vilius Petkauskas in June this year. He found that 16 billion login credentials, described as the largest leak on record, were circulating online across 30 different datasets.

"Each containing anywhere from tens of millions to more than 3.5 billion records. Altogether, they uncovered an overwhelming 16 billion credentials," Cybernews said.

The data includes newly leaked credentials from social media platforms, VPNs, developer portals, and major online services like Apple, Google, Facebook, and even government portals. Except for one previously known database of 184 million passwords, all the leaked data is reportedly new.

Cybersecurity experts warn that this is more than just a leak; it is a blueprint for mass exploitation, enabling large-scale phishing attacks and account takeovers. The data is highly structured and immediately usable, posing a serious threat to global cybersecurity.

These datasets were collected primarily through infostealer malware, which harvests saved login details, tokens, and session cookies from web browsers, and from unsecured databases such as misconfigured Elasticsearch instances that were left publicly accessible. Because the stolen data is now being traded on the dark web, it is more likely to be used by cybercriminals for attacks.
