India’s Computer Emergency Response Team (CERT-In) has issued an urgent warning to businesses after the discovery of a huge leak: 16 billion usernames and passwords have been exposed online. The data includes information from popular services such as Google, Apple, Facebook, Telegram, GitHub, and several VPN and government platforms.
This leak is not the result of one big hack. Instead, it is a collection of data stolen over many years from many smaller breaches and malware attacks. Some of the information is old or repeated, but much of it is recent and could be used by criminals to break into accounts or steal identities.
CERT-In’s advice is clear. Change all passwords at once, especially for important accounts. Turn on two-factor authentication to make it harder for hackers to get in. If possible, use passkeys—these are safer than traditional passwords. Run antivirus checks on all computers and keep software up to date.
For businesses, the risks are serious. Attackers could use this data to target your staff or systems. Companies should make sure only the right people have access to sensitive information. Use security tools to watch for unusual activity. Check that databases are not open to the internet, and encrypt important data.
India’s IT ministry is now checking if any local user data is included in the leak. Firms must follow government rules, including reporting breaches quickly and keeping system logs for at least 180 days.
About The Author
