Pakistan’s cyber agency issues nationwide alert after 180 million netizens report data breach

Islamabad:  Pakistan’s National Cyber Emergency Response Team (PKCERT) has issued a nationwide alert following one of the largest global data breaches in recent history, which exposed sensitive login credentials of over 180 million internet users — including Pakistanis — across major online platforms, reports Dynamite News correspondent.

The breach, uncovered in a publicly accessible, unencrypted file, contains usernames, passwords, emails, and associated URLs tied to global tech giants like Google, Microsoft, Apple, Facebook, Instagram, and Snapchat, as well as government portals, banks, and healthcare services.

According to Dynamite News correspondent, the data was reportedly collected through infostealer malware that extracted information from infected systems and stored it without encryption or access controls.

Issuing cautionary measures, the PKCERT, a federal agency tasked with safeguarding Pakistan’s digital infrastructure, warned that reused passwords across services could make users particularly vulnerable to automated cyberattacks.

The agency urged immediate password changes, activation of two-factor authentication (2FA), and the use of password managers. Users were also advised to monitor account activity for signs of suspicious logins and to avoid storing passwords in unsecured formats.

Government institutions have been directed to assess their exposure and alert potentially affected users. Failure to act promptly, PKCERT warned, could endanger critical digital services and national infrastructure.

This breach follows a 2024 investigation into a separate leak at the National Database and Registration Authority (NADRA), which compromised data from 2.7 million citizens between 2019, and 2023. That incident also raised alarms about Pakistan’s vulnerability to cyber threats.

Cybersecurity experts in the country are urging heightened vigilance, warning that attacks linked to the exposed data are likely to increase in the coming days. PKCERT has urged government departments and private organisations to identify affected users and implement immediate mitigation strategies.

Stay tuned to Dynamite News for further updates like this.