Massive Data Breach: 16 Billion Login Credentials Pose Risks to Indian Users

This article was originally published in Rest of World, which focuses on technology’s effect outside the Western world.

A significant data breach has exposed approximately 16 billion login credentials, exposing users of major platforms like Facebook, Instagram, Google, and Apple to potential fraud and identity theft. The compromised data, found across 30 different databases, has been described as a “blueprint for mass exploitation,” particularly affecting users in developing nations. Researchers from CyberNews, who uncovered the breach in a report dated June 18, attribute it to malware that infiltrates devices when users download corrupted files. This method specifically targets individuals with weak password management practices.

Experts warn that developing countries are particularly vulnerable due to their rapid digital adoption and insufficient cybersecurity infrastructure. Regions such as Asia and Latin America are notably at risk, as these areas house the largest user bases for the affected platforms. Salman Waris, founder of TechLegis, a cybersecurity consultancy based in the UAE, emphasized the potential impact, stating that “breaches like this can cause serious damage in Africa and Asia, especially in emerging economies like India, Brazil, Nigeria, and Indonesia,” where the pace of digital growth is outstripping security measures.

To date, companies like Meta, Google, and Apple have not publicly commented on the breach. The concentration of users in specific geographical areas exacerbates the threat. For instance, India alone accounts for approximately 20% of Facebook’s app downloads and 26% of Instagram’s, making it a prime target for exploitation. Many countries across Asia and Latin America similarly represent substantial segments of Gmail’s global user base.

Waris indicated that government agencies and critical infrastructure operators are at heightened risk due to the breach. Individuals and organizations that do not employ two-factor authentication are particularly susceptible to infostealer malware campaigns. Past incidents serve as a stark reminder of the catastrophic impacts such breaches can have in developing regions. In 2015, 184 million Pakistani users lost credentials linked to banks, social media, and government services, sparking widespread fears of fraud. The same year, a crackdown on cybercrime in Asia led to over 216,000 notifications to victims from attacks targeting personal and payment data.

Similar vulnerabilities have plagued African nations, where breaches affecting critical infrastructure are not uncommon. A notable incident in 2024 resulted in the theft of nearly 500,000 pieces of personal and financial data from Telecom Namibia, impacting numerous government ministries and officials. Additionally, cybersecurity firm Surfshark reported over 119,000 data breaches in Nigeria within the first quarter of 2025 alone, highlighting a troubling trend that has also affected other countries in the region.

The economic implications for emerging markets can be dire. For instance, a 2022 ransomware attack in Costa Rica disrupted government services and cost the country approximately 2.4% of its GDP. This underscores the severe consequences cyberattacks can inflict on economies already grappling with infrastructure deficits. Moreover, weak law enforcement in many developing nations exacerbates the situation, as insufficient investigative capabilities hinder the identification and prosecution of cybercriminals.

The data sets exposed in this incident varied widely. While some collections contained as few as 16 million records, the largest—targeting Portuguese-speaking users—held over 3.5 billion credentials, with an average batch size nearing 550 million. Although the scale of this breach appears staggering, cybersecurity experts caution that much of the leaked data may be outdated or recycled. Waris noted that infostealer malware typically captures a broad spectrum of credentials from infected devices, questioning the current validity of much of the stolen information.

In terms of tactics, this breach likely involved several stages described in the MITRE ATT&CK framework, particularly initial access and credential dumping. The malware responsible for the breach may have taken advantage of weaknesses in user behavior and file download practices, emphasizing the importance of fostering better cybersecurity hygiene among users.

Damilare Dosunmu is a reporter for Rest of World, covering the technology landscape in Africa, based in Lagos, Nigeria.
