It’s possible that billions of login credentials were compromised. Here are some tips for safeguarding your accounts.

Experts in cybersecurity advise utilizing passkeys or other passwordless login techniques.

According to a study released on Wednesday by independent cybersecurity news source Cybernews, 16 billion login credentials were made public and collated into online datasets, granting hackers access to accounts on websites like Google, Apple, and Facebook.

Although the allegation could not be independently verified by CBC News, cybersecurity experts say the event serves as another warning to users to change their passwords on a regular basis and avoid using the same one across sites.

According to Enza Alexander, executive vice-president of ISA Cybersecurity in Toronto, “take those passwords that are specifically in the social platforms that you use, the places that you like to go, and just change those passwords and keep them fresh,” she said roughly three or four times a year.

Never reuse what you have already used. Make use of [passwords] that are highly unique and contain both characters and digits.

Although changing your passwords on several platforms can make it more difficult to remember, Alexander noted that it also makes it more difficult for hackers to access your accounts and identify you.

According to Cybernews, the databases are likely to contain duplicate records, making it “impossible” to pinpoint the precise number of individuals whose credentials may have been compromised in the hack.

The disclosed documents appear to be a collection of datasets with login credentials that were collected over time rather than the result of a centralized hack that targeted a particular company.

According to Cybernews’ assessment, it is probably the work of a number of infostealers. A type of malicious software known as “infostealers” compromises a victim’s device or systems in order to steal confidential data.

The problem was not caused by a Google data breach, a Google representative said CBC News in a statement.

There was no single source for the breach, according to a post on social media site X by cybersecurity researcher and Cybernews contributor Bob Diachenko.

“What this number reflects is the size of different infostealers logs exposed publicly since the beginning of this year alone,” Diachenko wrote in the report, indicating the widespread “infostealers infections” that are occurring today.

There are still a lot of unanswered issues regarding these compromised credentials, such as whose hands the login information is currently in. However, while data breaches are becoming more frequent in today’s society, experts are still emphasizing how important it is to maintain important “cyber hygiene.”

How can your credentials be safeguarded?

Although Alexander acknowledged that “it’s difficult to understand what is accurate and what is not” regarding the breach, he also advised users to change their passwords if they are concerned about being impacted.

Additionally, she suggested that users consider the various security features that platforms might provide, such the option to log in with a passkey instead of a password.

Users can sign in with a passkey instead of a password on some websites, such as Apple and Google. This enables users to utilize a pin, fingerprint, or face recognition scan to log into their accounts.

In its statement, Google urged users to use passkeys and other passwordless authentication techniques, claiming that they are more secure. Additionally, it recommended the use of programs like Google Password Manager, which can store passwords and alert users in the event that any of their credentials have been compromised so they may take appropriate action.

“It’s really important that people see if they’ve been affected but not overreact to the situation,” Alexander stated.