Massive Data Breach Exposes Login Details of 180 Million Pakistanis, Warns Cybersecurity Body

Pakistan’s National Cyber Emergency Response Team (PKCERT) has issued a warning about a major global data breach. The advisory, shared on Monday, says the login credentials and passwords of over 180 million internet users in Pakistan have been stolen.

Details of the Breach

According to the advisory seen by Dawn.com, the breach involves a publicly available file containing over 184 million unique account details. These credentials were not encrypted or protected in any way.

The stolen data includes:

• Usernames

• Passwords

• Email addresses

• Links to accounts on platforms like Google, Microsoft, Apple, Facebook, Instagram, Snapchat

• Logins for government portals, banks, and healthcare platforms

How the Data Was Stolen

According to the notice, infostealer malware was most likely used to gather the data. Malicious software of this kind infects devices and steals private information. Unbelievably, the stolen information was kept in plain text and was publicly available online without a password.

Potential Dangers

PKCERT says the stolen login details could be used for:

• Hacking into personal or work accounts

• Stealing identities

• Accessing government websites without permission

• Carrying out phishing or scam attacks

• Installing more malware on victims’ systems

The database was reportedly built using login details taken from infected computers and devices, with no security measures in place.

What You Should Do Now

PKCERT is urging everyone to take immediate steps to protect their online accounts. Their advice includes

• Change your passwords, especially for banking and admin accounts

• Use strong, unique passwords for each online service

• Turn on multi-factor authentication (MFA)

• Avoid storing passwords in emails or plain text files

• Use a trusted password manager

• Change your passwords at least once a year

• Check if your data has been exposed using reliable breach-checking services

PKCERT warns that quick action is critical to reduce the impact of this breach and protect yourself from further damage.

Past Breaches Involving Nadra

In a related case, a Joint Investigation Team (JIT) found that the credentials of 2.7 million Pakistani citizens were compromised between 2019 and 2023. The leaked data came from Nadra offices in Karachi, Multan, and Peshawar.

The JIT, led by a senior FIA officer and supported by intelligence agencies, submitted a report to the Interior Ministry. It recommended action against officials believed to be involved in the breach.