
PKCERT warns of credential breach impacting 180 million users

PKCERT urges immediate action after discovering a global breach exposing unencrypted login credentials from major platforms and government systems.

 

What happened

The National Cyber Emergency Response Team (PKCERT) has issued an urgent advisory warning that over 180 million internet users in Pakistan have been affected by a global data breach. A publicly accessible file containing 184 million unique usernames, passwords, emails, and associated URLs was found unencrypted and unsecured online.

The compromised credentials span services from tech giants such as Google, Microsoft, Apple, Facebook, and Snapchat, as well as government portals, banks, and healthcare systems. PKCERT says the database was compiled using infostealer malware that extracted data from infected devices and stored it in plain text without encryption or password protection.

 

Going deeper

PKCERT, the federal agency responsible for protecting Pakistan’s digital infrastructure, confirmed that the breach involved credentials collected from compromised endpoints. These credentials were stored and exposed without any encryption or safeguards, leaving them vulnerable to exploitation.

The advisory lists potential threats, including credential stuffing, phishing attacks, targeted social engineering, and unauthorized access to business and government platforms. Attackers could use the stolen data to impersonate users, gain unauthorized access, or deploy additional malware.

 

In the know

In response, PKCERT has recommended immediate steps to minimize risk:

  • Change passwords for all online accounts, particularly financial and administrative ones
  • Enable multi-factor authentication (MFA) wherever possible
  • Use unique and complex passwords across platforms
  • Avoid storing passwords in unsecured formats or emails
  • Use a password manager for secure storage
  • Check for compromised accounts using reputable breach notification services

The advisory also warns against complacency, urging users to update passwords annually and stay educated on cyber hygiene.

 

What was said

PKCERT urged immediate action to contain the breach, warning that exposed credentials could enable identity theft and unauthorized access to systems. The agency said the leak spans both public and private sectors, raising concerns about impersonation and potential attacks on infrastructure.

In a separate but related case, the advisory cites a March 2024 Joint Investigation Team (JIT) probe into a different breach at Pakistan’s National Database and Registration Authority (NADRA), where data on 2.7 million citizens was compromised. That investigation uncovered insider involvement at NADRA offices in Karachi, Multan, and Peshawar and recommended disciplinary measures.

 

The big picture

The incident points to ongoing concerns around infostealer malware and poor data handling practices. Storing credential dumps in plain text, without encryption, reflects a lack of basic cybersecurity safeguards. With digital systems increasingly integrated into public infrastructure and services, this case signals a need for national investment in secure data practices, early threat detection, and user education.

 

FAQs

What is infostealer malware, and how does it work?

Infostealers are malicious programs that quietly collect sensitive data, such as saved passwords, browser cookies, and login credentials, from infected devices and transmit it back to attackers.

 

How can I tell if my data was included in the breach? 

Use a reputable breach monitoring service like Have I Been Pwned to check if your email or password has been compromised in known data leaks.

 

What is credential stuffing, and why is it dangerous?

Credential stuffing is when attackers use stolen username-password pairs across multiple sites, exploiting users who reuse the same login details. It’s a common tactic for gaining unauthorized access.

 

What does multi-factor authentication (MFA) actually do?

MFA adds a second layer of protection by requiring something you know (like a password) and something you have (like a mobile device or code), making unauthorized access more difficult.

 

Are public institutions in Pakistan taking steps to prevent future leaks?

Government agencies like PKCERT are increasing surveillance and issuing guidelines, but recurring breaches, such as the NADRA incident, suggest that more systemic cybersecurity reforms are still needed.
