'Change your passwords' - 16 billion usernames and passwords leaked in worlds largest data breach
03:41 Share

Turning news has emerged this afternoon that 16 billion login credentials on computers and apps and other various forms of software have been leaked in a new mass cyber security threat. Sources are indicating this is the biggest breach of its kind.

And it's likely going to affect us, just everyday Australians. If you're a user of Google, if you're a user of Apple, Meta, which owns Facebook and Instagram, this may well affect you. Trevor Long is our tech expert from EFTM.com, great website. He joins us. Trevor, should we be worried about this?

I think we should. Everyone should realise that with 16 billion usernames and passwords and other details available in one source, this is a discovery of basically a big bucket of a lot of information. And this is not one hack. I should be very clear. And it's not Google got hacked or Facebook or Apple. This is through...

malware and different means of obtaining this information. It's all in one place, which means a hacker, a criminal, a scammer can access that information and potentially scam you or access other sites and other services you use where, frankly, we all know you're using the same password. So would somebody, would criminals be then able to sell this information, on-sell it?

This would be basically a supermarket for the underworld. They would come along and say, I would like 100 million addresses, please. And they will either go and then target those people with scams or they will target those people with what's called credential stuffing. So that means, let's say they obtained your details from shop A that was hacked 10 years ago and there's your username and password. They'll now take that username and password and try and log into shop B automatically.

or Bank A, and start trying to access your online identity in other places, and therefore take money from you or your identity. And that's the real risk here, is that people are being defrauded of their identity and their money through a breach they didn't even know about. Is there any way you're going to know if you're a victim?

Not really, no. I mean, in reality, these researchers say that the database was only available or exposed briefly to them, which means that the people that held the data have locked it away again, you know, more securely. Weirdly, it's securely locked away from the researchers. So we don't know who's on the list. We don't know how many people are involved. But with 16...

billion logins, you have to assume it is millions and millions and hundreds of millions of people globally. So we all have to take these moments and go, right, I need to take a few things seriously. I need to make sure my email, my bank, and maybe my social media and those shops that you log on to regularly are all locked down with a new and secure password. And that password, so go through that process now, but that password should be different from

software to software from Facebook to your Google account to a shop? Absolutely. So look, it's not the best security advice that I give where I say, I don't mind if you use the same password for Facebook and Twitter and social media, fine. But do not use the same password you use for your bank anywhere else. And do not use the same password you use for your email anywhere

anywhere else because those two things, bank, obviously they take your money. If they get into your email, they get into everything because they can reset every password. And your password should be long and strong. That means just pick three words, three words that you can remember, put them together into one password, and that will then become memorable to you and something that you can use quite efficiently. Good advice. We can read about it on your website, EFTM.com. Thank you, Trev.

Cheers, mate. Trevor Long, quarter past three. Just do it tonight. Just make sure you don't use the same password critically for your bank and your other services.