Refresh
More details on Aflac breach
Aflac released a press release on Friday disclosing that it had suffered a data breach that may have compromised sensitive personal information held by the insurance company. It identified suspicious activity on its networks in the U.S. on June 12.
“This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group,” Aflac said. As for the extent of the breach, Aflac is still investigating, but it may include social security numbers and other sensitive information.
The infamous hacking group known as Scattered Spider is believed to be behind the attack. According to the Google Threat Intelligence Group, the group is targeting big names in the insurance industry, as we saw with a breach at Erie Insurance earlier this month.
Password managers can be a life-saver

This record-breaking data breach included URLs, usernames, and, most importantly, passwords, which means you should seriously consider updating yours for Google and Facebook. But creating strong, complex passwords is a tall order, and remembering them is even harder, especially when you should ideally have one for every site you log into.
You could try to keep them all in your head if you have Rain Man-level recall. If you don’t, why not offload that process by getting a password manager and free up all that precious memory for more important things? Password managers make it easy to securely store all of your passwords in one place, and most will even autofill them into a website or app when you log in. We dive into the best picks for iPhone, Android, privacy, and more in our guide to the best password managers.
Security homework

With this massive data breach on the mind, now is as good a time as any to do some security home work.
We’ve put together guide to the seven things you should do now to make sure your accounts and devices are safe.
We have more details in the guide but here’s a brief rundown what you need to secure.
- Passwords
- Browsers
- Two-factor and Multi-factor authentication
- Update social media settings
- Delete, remove and unsubscribe
- Update software and enable automate updates
- Check and update settings
Lockdown your Gmail

Google will reportedly require you to activate 2-step verification to access your Gmail account. Especially as Gmail was one of the affected databases in the big breach.
It’s meant to help curb phishing and spam emails that have been on the rise lately.
As part of that you should replace your password with a passkey. You can activate 2SV now if you haven’t already to get ahead of it.
Another security incident

CNBC is reporting that Aflac has “identified suspicious activity” in its network. This activity could impact Social Security numbers and other information.
“We continue to serve our customers as we respond to this incident and can underwrite policies, review claims, and otherwise service our customers as usual,” Aflac said in a statement.
According to CNBC, the investigation is in its early stages and Aflac does not yet have the total number for potentially affected customers.
Impacted information may include claims information, health info, Social Security numbers and other personal information related to everyone from customers andbeneficiaries to employees, agents and “other individuals.”
The insurance company has said that it will offer free credit monitoring and identity theft protection and Medicaid shield for up to 2 years for anyone that reaches out to its call center.
Follow-up attacks to look out for

Now that billions of passwords have been exposed online, hackers and other cybercriminals are probably already thinking about how they’ll use this data to their advantage in future attacks. Here are the ways this leaked data will likely be used first:
If a password was leaked alongside a username, then hackers are definitely going to try and see if they can use these credentials to log in. They will likely try the account the password is associated with first and then after that, they might try to log into other popular online services.
What they’re hoping for is that the person this username and password belongs to was foolish enough to reuse the same credentials across multiple online accounts. Password reuse is one of the easiest ways you can set yourself up to get hacked, so if you use the same password on multiple sites and services, stop what you’re doing and go create a unique and complex password for each of them.
If the leaked username and password work, they’ll then take over the account and use it as their own. They could use it in other attacks or even to send out phishing messages to any contacts associated with that account.
The next big thing that we’ll likely see are targeted phishing attacks. Unlike your standard phishing attack, these ones go after specific people by using public or stolen info to build trust with potential victims. If a hacker impersonates someone you know or claims to know them too, you’re more likely to respond to their messages and you could potentially be swayed by their claims.
Finally, if a username and password combo was leaked for a banking or financial account that contains loads of sensitive personal data, hackers could try to steal your identity.
These are all the main potential threats you’re going to want to be on the lookout for but there could be more. My advice, keep your head on a swivel and keep tabs on all of your online accounts just to be safe. Likewise, consider investing in identity theft protection for additional peace of mind.
Data breach vs Data Leak

When a large number of passwords or a collection of sensitive personal information is exposed online, people often get hung up on whether it’s a data breach or a data leak. Here’s the difference between the two.
For a data breach to occur, hackers or other cybercriminals need to gain unauthorized access to a company or even a government’s systems. Once inside, they then steal or exfiltrate as much data as they can with the intention to use this info for blackmail, phishing or other cyberattacks.
Now with a data leak, the same types of personal and even financial information from a data breach may be exposed. However, how that data ended up online is the main difference. Data leaks often occur due to human error. For instance, maybe someone forgot to password protect a database and left it open online for anyone to access it. This might sound hard to believe but this happens way more often than you’d think.
Another way that a data leak can occur is through scraping. Just like marketing firms do, hackers often scrape public databases for personal details and other info. All of this data is then put together in a database and if not secured correctly, it too can leak out onto the open web.
Regardless of if you’re dealing with a data breach or a data leak, the end result for you as the user is the same. Your information is available online and could be used against you. One way to limit your exposure is by using a data removal tool. There are standalone ones like Incogni or you might find one available as an extra feature with your antivirus software or VPN, like with ExpressVPN’s Personal Data Removal service.
If this security incident has made you rethink your cyber hygiene, a data removal service is another tool you should add to your security arsenal along with antivirus software and identity theft protection.
Grouping exposed data makes breaches larger – and even more dangerous

Though this breach may be the biggest in terms of numbers it has similarities to a few other recent breaches – for example, like three other recent breaches, this latest massive breach includes older data that has been around for a while and repackages it, then leaves it exposed it an open database making it easily accessible for any threat actor to grab. When it’s discovered, it is quickly removed which makes it difficult to determine who owned the database and therefore, who was responsible for breaching the collected information.
The data leak of AT&T data that we reported about earlier this month is similar and involved more than 86 million records that tied AT&T user data to sensitive personal information like Social Security numbers and birth dates. And again, a day earlier in China, more than 4 billion records were compiled that included everything from WeChat transcripts and phone numbers to gambling history. In May of this year, 184 million passwords from companies like Apple, Google, Microsoft, Instagram, Facebook, Snapchat and more were compiled and stored in a plaintext database.
The trend towards larger and larger breaches is clear. At this point it seems inevitable that your passwords and data can, and will, be compromised at some point and it is up to the consumer to protect themselves by using every tool available to protect themselves.
Another threat to look out for

Besides having your personal data and passwords exposed online, you also need to be on the lookout for new or upgraded malware. Case in point, the Godfather malware, which was first spotted back in 2021, recently got an upgrade that makes it even more dangerous.
Godfather is a banking malware that targets popular banking and financial apps by using overlay attacks. While you might think you’re logging into your banking app once infected, you’re actually inputting your username and password onto an overlay that appears over the legitimate app.
Hackers study the look and design of popular banking apps to create these overlays which they use to harvest account credentials. With these in hand, they can log into and drain your financial accounts.
Now though, the Godfather malware is using a new trick to evade detection and steal money from unsuspecting users. Instead of overlays, the malware is now using virtual versions of legitimate apps to commit fraud in real time.
To avoid falling victim to this and other malware strains, you want to avoid sideloading apps, opening attachments or links from unknown senders and it’s always a good idea to limit the number of apps on your phone overall as even good apps can go bad when they’re injected with malicious code.
Antivirus vs Identity Theft Protection

With billions of passwords floating around online, you may be wondering what steps you can take to improve your online security. If that’s the case, chances are you might be considering investing in antivirus software or even identity theft protection. They’re both designed to help keep you safe online but there are some key differences between the two that will help you decide which is right for you.
The best antivirus software (or the best Mac antivirus software for your Apple computer or the best Android antivirus apps for your Android smartphone) is designed to protect you from malware and other threats before they can infect your devices. By using a database of known threats, your antivirus software is able to scan and flag any potentially harmful files or software.
It’s worth noting that while paid antivirus software is updated more regularly and comes with plenty of extras like a VPN or a password manager, you likely already have access to built-in antivirus software in the form of Windows Defender on PC, XProtect on Mac and Google Play Protect on Android.
Now the best identity theft protection services often come with an antivirus solution but that’s not their main purpose. Instead, they’re designed to proactively monitor your banking and other online accounts for signs of fraud or suspicious activity.
They also keep an eye on your Social Security number and other sensitive personal information. The big difference with identity theft protection is that these services include identity theft insurance to help you recover funds lost to fraud in addition to helping you recover your identity. At the same time, you also get access to experts that can walk you through the process of freezing your credit and dealing with the fallout from identity theft. They can help you get new documents too.
One big thing to keep in mind with identity theft protection is that it only works if you sign up before a major security incident takes place.
Signing up for both antivirus software and identity theft protection is the best way to protect yourself and your data online. However, this can get expensive fast. If you’re on a tight budget, I’d start with antivirus software first and then sign up for identity theft protection once you have more to lose.
One way to make things more affordable is to look for antivirus and identity theft protection providers that offer family plans. That way, you can spread the cost between multiple people and rest easy knowing that your grandparents, parents, aunts, uncles, your children and yourself are all protected. Likewise, you want to stay up to date on the latest online scams and make sure that you share this knowledge with both your older and younger family members.
Context is key

Checking your phone and seeing that 16 billion passwords have been leaked online is enough to give anyone a proper scare. However, when you’re dealing with a data breach or data leak as massive as this one, it’s important to put things in context before you panic.
Anthony Spadafora here and I’ve been covering cybersecurity news for over a decade. During that time, I’ve seen a lot of massive security incidents like this one. However, there’s one thing a lot of them have in common.
Given that no brand or company is mentioned outright in our coverage here at Tom’s Guide and at other news outlets across the web, this is an easy giveaway that this isn’t a new breach or leak but instead a collection-style one. In this case, it’s likely not brand new data being exposed online but passwords and other personal info from previous security incidents. This data is then repacked in a way that’s easier to search through and simpler for other cybercriminals to use in their attacks.
For instance, similar collections like the RockYou2024 leak with 9 billion records and Collection #1 with more than 22 million unique passwords were distributed this way in the past.
Now this doesn’t mean you shouldn’t swap out your simple passwords with strong and complex ones or take a hard look at your online security habits. It just means that you shouldn’t worry too much as there’s a high chance that a lot of these 16 billion credentials were already exposed online and likely for sale on the dark web.
So instead of being scared, let this be the powerful catalyst you need to transform your online security – by changing your passwords (or better yet switching to passkeys), locking down your online accounts with 2FA, deleting unused accounts and apps, and sharpening your ability to spot a phishing scam.
I’ve been hacked and this is everything I did to fix it

If, like our own James Frew, you have also committed the security sin of reusing passwords or have used an unsecure Wi-Fi, or some other less-than-safe computer behavior, and wound up getting hacked, you might wonder what you should be doing next. Here’s everything James did to re-establish a safe, secure computing environment for himself and make sure he was practicing safe computer habits.
2. Enable Two-Factor Authentication
4. Sign up to Have I Been Pwned
5. Start fresh
Facebook will soon have a passkey option

As more and more companies realize how easy it is to breach passwords, how frequently users reuse them – or use weak passwords – they have begun moving to a stronger method: passkeys.
Microsoft recently announced that the Authenticator app will shut off the password autofill feature in July, a move that the company is likely making as it moves towards a passwordless future. And Google recently issued a security warning encouraging users to enable two-factor authentication or risk an account lock down; Google’s VP of privacy Evan Kotsovinos was quoted as saying another good step to make your account even more secure is to replace your password entirely. Kotsovinos’ recommendation is to trade your password in for a passkey, which involves using your biometric information like your fingerprint or facial recognition alongside a trusted device like your smartphone.
To that end, Facebook announced this week that it would soon be rolling out passkey login’s for its users, making it both easier and more secure to sign in to its services. Facebook users should soon see the option to enable passkey login’s in the Account Center, from the Settings of their Facebook accounts on their mobile devices, and the option will also get rolled out to Messenger, and eventually Meta Pay.
The Facebook passkey will work with the same fingerprint, facial recognition or PIN technology that you use to unlock your device. Because they’re stored on your device, they cannot be guessed, cracked or shared. However, if you still wish to use a password, you can.
What to do once your data has been exposed

Though it can be scary to know that your data is out there on the web, circulating amongst hackers, there are steps you can take to protect yourself.
First, as we’ve mentioned below, make sure you’re changing the passwords to your accounts and using unique, strong passwords for each account. When possible, use passkeys instead. Always use two-factor or multi-factor authentication when an account has it available.
As with all data breaches, the biggest threat will be phishing attacks and online fraud. Avoid clicking on links or downloading attachments from unknown senders as hackers often set up fake pages to steal your credentials, credit card data and other sensitive info.
Never click on any unexpected links, attachments, files or QR codes from people you don’t know. You also want to be wary of people on social media who may reach out to you with offers or those who want you to download or click on files or attachments. If you receive something that appears to be from someone you do know, confirm it with them in an independent manner like calling them on the phone, or texting them.
If you haven’t signed up for one of the best identity theft protection services, now might be a good time to look into them. You can also consider putting fraud alerts on your files with the Big Three credit-reporting agencies Equifax, Experian and TransUnion, and even instituting a credit freeze (although doing so can complicate getting a loan or opening new payment accounts).
When going online, make sure you have one of the best antivirus software programs installed and up to date since these programs often include a have VPN, password manager, secure browser and other extra security tools to help keep you safe online.
Another data breach confirmed

While not part of the 16 million passwords leaked in the data breach we’re covering, BleepingComputer reported on another confirmed data breach, this time from Krispy Kreme.
According to the report, over 160,000 individuals were impacted by a November 2024 cyberattack, with attackers (apparently claimed by the Play ransomware gang) stealing personal information. The U.S. chain sent notifications to the people who were affected.
Data breaches are on the rise, and the recent massive leak of login credentials across multiple platforms shows that now’s the time to stay safe online. Make sure you’re using one of the best VPNs and best antivirus software to keep your accounts secure.

One of the key risks of a data breach this big is how easily cybercriminals will be able to access multiple accounts, especially for those who reuse passwords. A survey from NordPass indicates that as many as 62% of Americans, 60% of Brits and 50% of Germans admit to reusing passwords across multiple online accounts.
Ignas Valancius, head of engineering at cybersecurity company NordPass, had this to say:
“Users must be extra careful because information in the leaked datasets opens the door to pretty much any online service, from Facebook and Google to GitHub and Telegram. Even some government platforms were compromised.
“I recommend changing passwords immediately before the threat actors start poking around in your accounts. You need to act fast because platforms like Google, Apple, or Facebook are the gateways to your entire digital life, especially if you store passwords in browsers and don’t use multi-factor authentication (MFA) or passkeys.
“If hackers manage to get their hands on your password for Google, Apple, or Facebook, stealing your money and identity may be easier than taking candy from a three-year-old.”
The data breach isn’t all “new”

A recent report from cybersecurity site BleepingComputer indicates the 16 billion password data breach actually isn’t new, with the data instead likely to have been circulating for years.
The data may have been collected by cybercriminals and researchers and repackaged into the massive database, only for this to be exposed online. The infostealers involved in compiling the login credentials, such as usernames and passwords, may have been collected over time, with different archives being into the massive database.
Cybernews states that the data in the breach is recent and “not merely recycled from old breaches,” but some data could be overlapping.
Either way, many credentials were exposed in the breach, so it’s a good idea to secure your accounts, change your passwords and stay safe.
Update: Cybernews shares datasets with Apple, Google, Facebook and more URLs

Since news broke about the data breach, it’s been difficult to tell if login credentials included accounts from Apple, Google, Facebook and more. But Cybernews has now shared screenshots of the datasets (not including personal info, of course).
These datasets show that there are URLs to Facebook, Google, Github, Zoom, Twitch, and other login pages. However, with the amount of data that is being exposed, the number of platforms that are affected is uncertain. As previously noted, there’s reason to believe that every major platform has been affected by the data breach.
An alternative security option

Many companies, including Google, Apple, and Microsoft, are using passkeys to reduce the growing risk of phishing attempts, as login credentials in data breaches that cybercriminals use can lead to account takeovers. In fact, Microsoft is now making passwordless the default for new users.
Niall McConachie, regional director (UK & Ireland) at Yubico (the company behind the YubiKey), reached out to weigh in on the data breach:
“As this huge data breach shows, passwords are just not good enough to protect our most important personal details and secure our online presence,” McConachie states. “By continuing to rely on passwords, huge data breaches like this will persist — and they’ll only get worse.
McConachie continues: “As we rely on the internet more and more for critical services, users should opt for the highest-assurance authentication method to ensure their data is fully protected and not at risk of being accessed by cyber criminals.
“Instead of relying on passwords or legacy MFA to keep accounts safe, users must be encouraged to protect their accounts with device-bound passkey options like physical security keys.”
Follow these steps to prevent getting hacked

Data breaches aren’t anything new, and one of our team has been hacked before. This was due to Adobe being hacked and the attackers getting a list of 153 million usernames and passwords in 2013.
If you’re worried about the 16 billion data breach, you can find out the best steps to take to prevent being hacked and improve your online security.
Some essential tips include signing up for Have I Been Pwned, staying clear of reusing passwords, deleting unused accounts and making sure to enable two-factor authentication.
Record-breaking data breach?

We’ve seen major data breaches before, including the RockYou2024 leak exposing nearly 10 billion passwords with a mix of old and new records, along with the previous RockYou2021, which kicked off with 8.4 billion passwords.
Recently, the largest ever data leak hit China and exposed more than 4 billion user records. This breach included financial data, WeChat and Alipay details as well as sensitive personal info like IDs, birthdates, phone numbers, and residential data.
This 16 billion password data breach is one of the largest in history, but last year we reported on the supermassive Mother of all Breaches (MOAB), which contained 26 billion records or 13 terabytes of data taken from previous leaks, breaches and hacked databases.
How to stay safe from infostealing malware

With infostealers being the cause of the mass data breach, it’s best to know how to keep your PC secure from the malware.
- Trusted downloads: Only download software through legitimate websites and sources.
- Stay clear of suspicious emails: Never click on unexpected links or attachments. Make sure you know the signs of phishing emails.
- Update your system: Whether it’s on your iPhone, Android phone, Windows laptop or MacBook, keep your system up to date with the latest security patches to stay secure.
- Use a VPN: Virtual private networks can mask your identity online, making it harder for threat actors to track you down. Be sure to use one of the best VPNs.
- Download antivirus software: This can keep many forms of malware at bay, including known infostealers. You can check out the best antivirus software for your system.
- Enable 2FA: In case your login credentials are caught in the data breach, enabling two-factor authentication will make it harder for cybercriminals to access your online accounts.
Were Apple, Google and Facebook passwords leaked?
The datasets with exposed login credentials contained old and recent infostealer logs, and as Diachenko points out: “Credentials we’ve seen in infostealer logs contained login URLs to Apple, Facebook, and Google login pages.”
Many of the data sets contained other specific information. One dataset was named after Telegram with 60 million records, another was labeled with a name relating to the Russian Federation with 455 million records and one with the largest amount of records at 3.5 billion is said to have a connection to a Portuguese-speaking population, as Cybernews reports.
However, many datasets were also simply named “logins” and “credentials” with massive amounts of information. There’s no way to tell what services these are for, and considering the billions of credentials leaked, there’s reason to believe that accounts for any platform online are at risk.
Google warned users to replace passwords

Earlier this month, Google released a survey detailing the growing awareness of the threat from scams in the U.S., stating that over 60% of users in the U.S. have seen an increase in scams over the past year. While many have seen scams through SMS texts, 61% state they have been targeted through emails.
Plus, the survey notes that one-third of those experiencing an increase in scams have “personally experienced a data breach.” What’s more, the FBI also states that online scams have seen a 33% rise last year, with a total of $16.6 billion being stolen.
In light of this data breach, there could be a major rise in phishing scams or account takeovers. This is why Google has warned users to change their passwords and rely on other forms of authentication, including passkeys.
Data breach only exposed ‘briefly’
While this is named the largest data breach in history, the 16 billion login credentials were only exposed “briefly,” according to researchers in the Cybernews report. However, it’s still long enough for threat actors to gain information and to put accounts at risk.
“The only silver lining here is that all of the datasets were exposed only briefly: long enough for researchers to uncover them, but not long enough to find who was controlling vast amounts of data,” Cybernews states.
Along with this, out of the 30 datasets discovered, the majority of these were temporarily accessible through Elasticsearch, which is a free and open-source search engine, or “object storage instances.”
Infostealer malware is to blame

As per reports, infostealers are what caused the exposure of login credentials. This is a form of malware that can secretly steal sensitive data like passwords or chat logs and send them back to hackers.
Cybersecurity expert Diachenko states: “It comes from various infostealers logs. Probably a backend infrastructure left exposed. Elasticsearch is a good environment to query such logs.”
Cybersecurity expert weighs in
We reached out to security researcher and owner of SecurityDiscovery.com Volodymyr Diachenko, about the data breach, who explains that it wasn’t just from one infostealer malware, but many:
“First things first — it wasn’t a single source of exposure. This is not about the number (though it is scary!), but the scale and rise of infostealers infections these days,” Diachenko states.
“What this number reflects is the size of different infostealers datasets exposed publicly since the beginning of this year alone. They were observed by me and my team via passwordless repositories left exposed inadvertently.”
The data breach is known to have come from various infostealers.
Change your passwords

With 16 billion login credentials being exposed, there’s a big chance that your account is at risk. If left unchecked, cybercriminals can gain access to your accounts, leading to phishing attacks, identity theft, ransomware and more.
To counter this, change your passwords immediately, especially if you reuse passwords for multiple accounts. It’s a good idea to use a strong, complex password with a mix of numbers and symbols, and use PasswordMonster’s Password Strength Meter to see how effective it is.
To manage it all, it’s a good idea to use one of the best password managers, as these will store, secure and autofill your passwords, and they also support passkeys across accounts.
Find out if you’re affected

The easiest way to find out if your email and password are affected in this mass data breach is to use Have I Been Pwned. It’s a free service that collates data from hacks and can also send you alerts when your online account is at risk.
The site will notify you if your email is involved in the breach, and you can also check if your password has been exposed through Pwned Passwords.
You can do a manual check right on the site, but we also recommend using the Notify Me service to make sure your accounts aren’t affected in the future, too.
What’s happening now

Security researchers have identified what they call “one of the largest data breaches in history”, which includes more than 16 billion logins that include Apple credentials. According to a report from Cybernews, the staggering amount of information is contained in numerous datasets that have been uncovered since the start of the year.
So far, the researchers have discovered 30 datasets, each containing up to 3.5 billion records. This includes everything from social media and VPN logins to corporate platforms and developer platforms.
“This is not just a leak — it’s a blueprint for mass exploitation,” the researchers told Cybernews.




