A massive global cyberattack has compromised the account credentials of over 184 million users worldwide, with Pakistani citizens among the most severely impacted. The National Cyber Emergency Response Team (NCERT) has issued an urgent nationwide advisory, warning users to “change all passwords immediately” to protect themselves from potential exploitation.
The advisory follows the discovery of a publicly accessible and unprotected database containing sensitive login credentials stolen using infostealer malware. The leak affects major global platforms including Google, Microsoft, Apple, Facebook, Instagram, and Snapchat, along with government portals, banks, and healthcare systems.
Pakistanis Urged to Act Now
“Given the scale of this breach, we urge all users to change passwords across all services—especially social media, banking, and government-related platforms,” the NCERT warned. “This is not a routine incident. The risk to individuals and organisations is extremely high.”
The compromised data includes usernames, passwords, email addresses, and associated URLs. Alarmingly, the information was stored in plain text with no encryption, leaving it wide open to misuse by hackers and cybercriminals.
Key Threats Highlighted
NCERT’s advisory outlines several potential consequences of the breach:
Credential stuffing: Hackers use stolen credentials to access other accounts with reused passwords.
Account takeovers: Unauthorized access to user and enterprise accounts.
Identity theft: Cybercriminals may impersonate users for fraud or scams.
Targeted phishing: Personal data can be exploited to send convincing fraudulent messages.
Ransomware and cyber-espionage: Risk to businesses, healthcare, and government networks.
Urgent Measures for Citizens
To safeguard personal and organisational data, NCERT recommends:
Change all passwords immediately, especially those linked to critical accounts.
Use unique, strong passwords for each service.
Enable multi-factor authentication (MFA) wherever possible.
Avoid storing passwords in email or unprotected files.
Use password managers for secure credential handling.
Monitor login activity for suspicious behavior or unfamiliar devices.
Risks to Institutions and Infrastructure
The advisory also highlights risks to financial institutions, healthcare providers, and government agencies. “Multi-national government agencies are at risk, and financial accounts could be compromised,” it said, adding that sensitive patient data may also be exposed.
Organisations are urged to:
Enforce password rotation policies.
Educate staff about phishing and credential management.
Monitor network activity and login patterns.
Update malware definitions and endpoint protections.
No Software Patch Available
This incident isn’t linked to a software flaw, meaning there is no patch to apply. Instead, protection relies entirely on user vigilance, strong password practices, and system monitoring.
Call to Action
“This breach affects every sector and every individual. Timely action is essential to prevent identity theft, financial fraud, and national-level data compromise,” NCERT concluded.
With top tech giants like Google, Microsoft, Apple, Facebook, Instagram, and Snapchat affected, the message is clear: Act now to protect your digital identity.
