Pakistan on cyber alert after global breach exposes data of 184 million users

Pakistan has been put on high alert following a massive global data breach that exposed the passwords and confidential information of 184 million users across major social media and online platforms worldwide, it emerged on Monday.

With Pakistani users among those affected, the National Cyber Emergency Response Team (PakCert) has issued an urgent advisory urging individuals and government agencies across the country to immediately secure their online accounts and take necessary cybersecurity precautions to prevent potential cyberattacks.

The advisory highlights that the leaked data includes usernames, passwords, email addresses, and URLs linked to platforms such as Snapchat, Instagram, Facebook, Apple, Microsoft, Google, as well as portals belonging to governments, healthcare providers, and financial institutions worldwide.

Pakistani social media users have been specifically instructed to take precautionary measures to protect their accounts.

Infostealer malware behind massive global leak

This massive breach was facilitated through the use of Infostealer malware, a malicious software designed to harvest sensitive information by infiltrating infected systems. The malware typically targets stored credentials in web browsers, email clients, and messaging applications, and can also extract autofill data, cookies, crypto wallet details, and even capture screenshots or keystrokes.

PakCert’s advisory warns that the exploitation of these leaked credentials could lead to a range of cybercrimes including credential stuffing attacks (automated attempts to gain access by reusing passwords), account takeovers (ATO), identity theft, scams, impersonation, and targeted attacks on both individuals and enterprises.

The breach also poses a significant threat to government systems, risking unauthorized access to sensitive data and facilitating tailored scams using personal communication histories.

To mitigate these risks, PakCert recommends immediate actions such as changing all passwords -- especially if reused across multiple accounts -- and activating Multi-Factor Authentication (MFA) on critical services, particularly financial, email, and administrative accounts.

Researcher finds unsecured database with 184m credentials

The data breach was uncovered by cybersecurity researcher Jeremiah Fowler, who discovered a publicly accessible, non-password-protected database containing 184,162,718 unique login credentials, amounting to 47.42 GB of raw data. The database included login information for a wide spectrum of services including Microsoft products, social media platforms like Facebook, Instagram, Snapchat, gaming accounts like Roblox, as well as banking, healthcare, and government portals from numerous countries.

Fowler explained that the database was linked to two domain names: one parked and unavailable, and another unregistered and available for purchase. The Whois (domain ownership record) registration details were private, leaving the true owner of the database unidentified. Upon discovery, Fowler responsibly notified the hosting provider, which subsequently restricted public access to the database.

However, the hosting provider declined to disclose customer information, leaving it unclear whether the data was collected for criminal purposes or as part of legitimate research that was inadvertently exposed. The duration of public exposure before discovery and the possibility of unauthorized access by others remain unknown.

Fowler further detailed that the nature of the records strongly indicates they were harvested using Infostealer malware. Cybercriminals commonly deploy this malware via phishing emails, malicious websites, or cracked software. Once infected, stolen data is frequently sold on dark web marketplaces or circulated through Telegram channels, where it can be exploited for fraud, identity theft, or launching additional cyberattacks.