Over 180 million Pakistani internet users face a serious digital security threat following a massive credential breach, according to a new advisory by the National Cyber Emergency Response Team (PKCERT). The breach, part of a global cyber incident, exposed millions of login credentials, prompting urgent calls for action.
Global Breach Exposes Critical Data
PKCERT revealed that an unencrypted, publicly accessible file containing over 184 million usernames, passwords, and emails had surfaced online. The data, linked to platforms such as Google, Microsoft, Apple, Facebook, Instagram, and government and financial institutions, was reportedly gathered through infostealer malware.
This malicious software harvested login data from compromised systems, storing it in plain text without encryption or access restrictions. The database includes sensitive account information from individuals and organizations across various sectors.
Read: SpaceX Engine Test Ends in Fiery Explosion at McGregor Base
Severe Security Risks Identified
The exposed credentials pose several risks. PKCERT warned of potential account takeovers, identity theft, phishing scams, and unauthorized access to government and business platforms. The advisory noted that attackers could also launch malware using known email-password combinations.
Credential stuffing—a method where hackers use leaked login details across multiple platforms—was highlighted as a major threat, especially for users who reuse passwords.
Urgent Protective Measures Recommended
PKCERT strongly advised users to change all passwords immediately, especially for financial and administrative accounts. Enabling multi-factor authentication (MFA) was stressed as a crucial step to secure access.
The advisory urged people to create unique and complex passwords for each service and avoid storing passwords in unprotected locations.
Past Breaches Raise Concern
This breach follows a previous leak involving Pakistan’s National Database and Registration Authority (NADRA). A Joint Investigation Team (JIT) report submitted in March 2024 revealed that data of 2.7 million citizens was compromised between 2019 and 2023. The JIT blamed NADRA offices in Karachi, Multan, and Peshawar and recommended disciplinary action.
As Pakistan faces ongoing digital threats, experts say immediate user action and stronger cybersecurity enforcement are vital to reduce long-term risks.
Follow us on Google News, Instagram, YouTube, Facebook,Whats App, and TikTok for latest updates
