PKCERT urges immediate action after discovering a global breach exposing unencrypted login credentials from major platforms and government systems.
The National Cyber Emergency Response Team (PKCERT) has issued an urgent advisory warning that over 180 million internet users in Pakistan have been affected by a global data breach. A publicly accessible file containing 184 million unique usernames, passwords, emails, and associated URLs was found unencrypted and unsecured online.
The compromised credentials span services from tech giants such as Google, Microsoft, Apple, Facebook, and Snapchat, as well as government portals, banks, and healthcare systems. PKCERT says the database was compiled using infostealer malware that extracted data from infected devices and stored it in plain text without encryption or password protection.
PKCERT, the federal agency responsible for protecting Pakistan’s digital infrastructure, confirmed that the breach involved credentials collected from compromised endpoints. These credentials were stored and exposed without any encryption or safeguards, leaving them vulnerable to exploitation.
The advisory lists potential threats, including credential stuffing, phishing attacks, targeted social engineering, and unauthorized access to business and government platforms. Attackers could use the stolen data to impersonate users, gain unauthorized access, or deploy additional malware.
In response, PKCERT has recommended immediate steps to minimize risk:
The advisory also warns against complacency, urging users to update passwords annually and stay educated on cyber hygiene.
PKCERT urged immediate action to contain the breach, warning that exposed credentials could enable identity theft and unauthorized access to systems. The agency said the leak spans both public and private sectors, raising concerns about impersonation and potential attacks on infrastructure.
In a separate but related case, the advisory cites a March 2024 Joint Investigation Team (JIT) probe into a different breach at Pakistan’s National Database and Registration Authority (NADRA), where data on 2.7 million citizens was compromised. That investigation uncovered insider involvement at NADRA offices in Karachi, Multan, and Peshawar and recommended disciplinary measures.
The incident points to ongoing concerns around infostealer malware and poor data handling practices. Storing credential dumps in plain text, without encryption, signals a lack of basic cybersecurity safeguards. With digital systems increasingly integrated into public infrastructure and services, this case signals a need for national investment in secure data practices, early threat detection, and user education.
Infostealers are malicious programs that quietly collect sensitive data, such as saved passwords, browser cookies, and login credentials, from infected devices and transmit it back to attackers.
Use a reputable breach monitoring service like Have I Been Pwned to check if your email or password has been compromised in known data leaks.
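The password half of that check can be done without disclosing the password: the Pwned Passwords range API from Have I Been Pwned receives only the first five hex characters of the password's SHA-1, and the match is made locally. The code below is an added example, not part of the PKCERT advisory or this article; the sample response is constructed, and `constructed_range_body` is a hypothetical helper used so the example runs offline.

```python
import hashlib
import urllib.request

API = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint

def split_hash(password):
    """SHA-1 the password; return (5-char prefix sent to the API, 35-char suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fetch_range(prefix):
    """Download all known suffixes for a prefix; Add-Padding hides the true response size."""
    headers = {"Add-Padding": "true", "User-Agent": "breach-check-example"}
    req = urllib.request.Request(API + prefix, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def breach_count(password, range_body):
    """Match the local suffix against 'SUFFIX:COUNT' lines; padded rows carry count 0."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0  # suffix absent: not in the known-breach corpus

def constructed_range_body(hits):
    """Constructed sample response (not real API data): {password: count} -> body text."""
    return "\r\n".join(f"{split_hash(pw)[1]}:{n}" for pw, n in hits.items())

if __name__ == "__main__":
    # Offline demo against a constructed body; swap in fetch_range(prefix) for a live check.
    body = constructed_range_body({"password": 1000, "padding-row": 0})
    for pw in ("password", "padding-row", "correct horse battery staple"):
        prefix, _ = split_hash(pw)
        print(f"prefix sent: {prefix}  times seen: {breach_count(pw, body)}")
```

A non-zero count means the password appears in known breach data and should be retired everywhere it was used, regardless of which account it protected.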
Credential stuffing is when attackers use stolen username-password pairs across multiple sites, exploiting users who reuse the same login details. It’s a common tactic for gaining unauthorized access.
MFA adds a second layer of protection by requiring something you know (like a password) and something you have (like a mobile device or code), making unauthorized access more difficult.
Government agencies like PKCERT are increasing surveillance and issuing guidelines, but recurring breaches, such as the NADRA incident, suggest that more systemic cybersecurity reforms are still needed.