Cybernews reported on Wednesday on its research that resulted in the online discovery of 30 datasets that include 16 billion records of user login information for “pretty much any online service imaginable,” including Apple, Facebook, and Google.
The records include a URL and login information. Since this data is what is often collected by malware, it appears that these records are a result of numerous infostealer attacks. Cybernews states that the datasets do include overlapping records, but the enormity of the data collection makes it difficult to compare individual records in order to conclude how many users have been exposed.
The exposed datasets have not been previously reported, except for one discovered by Jeremiah Fowler that had 185 million unique usernames and passwords. The datasets are also made available temporarily and are taken down after some time. Cybernews states that new databases appear “every few weeks” with “fresh, weaponizable intelligence.” It is also not clear as to the origins of the datasets and who is behind the data collection.
How to protect yourself
To protect yourself from malware, avoid downloading software from repositories such as GitHub and other download sites. Apple has vetted software in the Mac App Store and it is the safest way to get apps. If you prefer not to patronize the Mac App Store, then buy software directly from the developer and their website. If you insist on using cracked software, you will always risk malware exposure.
Never open links in emails or texts you receive from unknown and unexpected sources. If you get a message that looks like it is from an entity that you do business with, check the sender’s email address and inspect the URL carefully. If you see a link or button, you can Control-click it, select Copy Link, and then paste it into a text editor to see the actual URL and check it.
Phishing attacks often involve a user inadvertently visiting a website with a mistyped URL. So, verify the URL you have typed into your browser. Bookmark the sites you visit frequently so you don’t have to type in the URL every time. In some instances, you can use a search engine; type the name of the place you want to visit, and then click on the link after looking at the URL it goes to. For example, type “Macworld” into the search engine you use, and then click on the link that’s designated at www.macworld.com. This way isn’t as efficient, but if you make a typo, you’ll see it in the search and the search engine will steer you in the right direction.
In an instance where you believe your data was exposed in a data breach, there are a few steps to take to protect yourself:
- If you continue to use the service that was breached, change your password and enable two-factor verification.
- Check your credit report and freeze it. This will help block unauthorized approvals to financial services that are being made in your name. If you need to sign up for a service (such as a loan or credit card), you can temporarily unfreeze your account so a credit check can be performed.
- Check your records for all of your financial institutions. If you access them online, change your passwords and enable two-factor verification. Some institutions also provide alerts when attempts are made to access your account.
- Use a service such as Have I Benn Pwned to see if your email address was involved in a data breach.
Apple releases security patches through OS updates, so installing them as soon as possible is important. It’s also important to update the apps on your Mac, which you can do through the App Store or the app’s settings. Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.
