16 Billion Credentials Leaked—And That’s Just the Start

Nation-state threats, silent breaches, and healthcare chaos... all before lunch.

🔄 We’re Trying Something New!
We’re piloting a new Quick-Hit Recap format in our Tuesday editions—shorter, sharper, and focused on what matters right now in cyber to start your week. It’s designed for busy execs and security pros who want signal without the noise.

Let us know what you think 👉 Take the 10-second poll below to tell us if this format helps you stay ahead.

🧠 CyberFact of the Day:
The average time to detect a breach is still 204 days—meaning many of today’s incidents started back in November 2024. (Source: IBM Cost of a Data Breach Report)

📬 This Week’s Clickables

  • 🚨 Major Breaches & Incidents — Mass credential leaks, T-Mobile claims, healthcare and insurance fallout

  • 🕵️ Advanced Persistent Threats — Salt Typhoon in Canada, new Cisco exploits in the wild

  • 🛡️ Emerging Risks & Warnings — Hacktivism, FDA cyber alerts, and silent breach pressure

  • 🧭 Mitigation & Best Practices — Actionable steps tied to each threat above

🚨 Major Breaches & Incidents

  • 16 Billion Login Credentials Exposed
    A staggering breach involving 30 data dumps has spilled 16 billion login credentials—many fresh and fully usable. Popular services affected include Apple, Google, Telegram, and government portals.
    👉 Expect surges in phishing, ATOs, and MFA fatigue targeting.

  • T-Mobile Denies 64 Million-Record Breach Claim
    A threat actor claims to be selling 64 million T-Mobile customer records including Tax IDs and device data. T-Mobile says it’s not real—but third-party vendor exposure remains a prime suspect.
    👉 Vendor trust is becoming your biggest blind spot.

  • Aflac Compromised in Scattered Spider Campaign
    The notorious group is back. Aflac is the latest victim, with sensitive health, claims, and SSN data likely exposed. Other insurers are now scrambling to assess lateral movement.
    👉 The insurance sector is officially under siege.

  • McLaren Health Care Hit Again—743,000 Affected
    Nearly three-quarters of a million patient records were leaked in McLaren’s second breach in two years. Names, addresses, SSNs, and diagnoses were included.
    👉 Repeat breaches = systemic weaknesses.

🕵️ Advanced Persistent Threats

🛡️ Emerging Risks & Warnings

  • DHS Warns of Pro-Iranian Hacktivists Amid Escalations
    Low-level defacements and DDoS attacks tied to Iranian actors are ramping up, targeting utilities, financial services, and regional governments.
    👉 Prepare for noisy, symbolic attacks with real-world impact.

  • FDA: Medical Manufacturing Faces Growing Cyber Risk
    The FDA warns that connected device manufacturing is now a cybersecurity risk to public health. They call for urgent OT modernization.
    👉 Time to drag OT into your next tabletop exercise.

  • Bitdefender: AI Attacks Rising, Staff Silenced
    67% of cyber pros say they’ve witnessed AI-powered attacks. Over half say leadership pressures them not to disclose breaches.
    👉 The trust gap between the C-suite and SecOps is growing dangerously wide.

🧭 Mitigation & Best Practices

🔓 Protect Against Credential Flooding

(Referencing: 16 Billion Credential Leak)

  • Rotate passwords—especially reused ones across services.

  • Use password managers to maintain strong, unique credentials.

  • Enable phishing-resistant MFA (e.g., passkeys, app-based).

  • Monitor accounts using services like HaveIBeenPwned.

🔥 Respond to Targeted Campaigns (Scattered Spider)

(Referencing: Aflac Insurance Breach)

  • Update employee training to reflect evolving social engineering tactics.

  • Review privilege escalation paths and restrict RDP/VPN access.

  • Audit claims systems for unusual activity dating back weeks, not days.

🌐 Secure Network Infrastructure (Cisco Exploits)

(Referencing: Salt Typhoon Exploits)

  • Patch Cisco IOS XE systems urgently, particularly CVE-2023-20198.

  • Monitor for GRE tunnels, CLI abuse, and config anomalies.

  • Review firewall and router logs for persistent outbound traffic to unfamiliar IPs.
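As an added defender-side illustration of the monitoring bullets above (example code, not from the newsletter or Cisco), the Python below reviews constructed Cisco IOS XE-style syslog lines for configuration sessions from untrusted sources, privilege-15 local accounts being created, and GRE tunnel interfaces appearing outside a known baseline. The message mnemonics are patterned on real Cisco syslog formats; the hostnames, usernames and addresses are constructed.

```python
import re

# Constructed sample syslog, patterned on Cisco IOS/IOS XE message formats
# (%SYS-5-CONFIG_I, %PARSER-5-CFGLOG_LOGGEDCMD, %LINEPROTO-5-UPDOWN); not from a real device.
SAMPLE_SYSLOG = """\
Jun 24 09:12:01 edge-rtr1 %SYS-5-CONFIG_I: Configured from console by netops on vty0 (10.10.1.5)
Jun 24 09:12:02 edge-rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:netops  logged command:ntp server 10.10.1.10
Jun 24 03:41:17 edge-rtr1 %SYS-5-CONFIG_I: Configured from console by svc_backup on vty2 (198.51.100.23)
Jun 24 03:41:18 edge-rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:svc_backup  logged command:username svc_backup privilege 15 secret *****
Jun 24 03:41:20 edge-rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:svc_backup  logged command:interface Tunnel0
Jun 24 03:41:20 edge-rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:svc_backup  logged command:tunnel mode gre ip
Jun 24 03:41:22 edge-rtr1 %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
"""

# Who opened a config session, on which line, and from where.
CONFIG_I = re.compile(r"%SYS-5-CONFIG_I: Configured from \S+ by (\S+) on (\S+) \(([\d.]+)\)")
# Individual commands recorded by "archive / log config" configuration logging.
LOGGED_CMD = re.compile(r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(\S+)\s+logged command:(.*)$")
# A tunnel interface coming up.
TUNNEL_UP = re.compile(r"%LINEPROTO-5-UPDOWN: Line protocol on Interface (Tunnel\d+), changed state to up")


def review_syslog(text, trusted_admin_ips, baseline_tunnels):
    """Return (severity, description) alerts for config and tunnel activity outside the baseline.

    trusted_admin_ips: source addresses allowed to open config sessions (e.g. a jump host).
    baseline_tunnels:  tunnel interface names that are expected to exist on this device.
    """
    alerts = []
    for line in text.splitlines():
        if m := CONFIG_I.search(line):
            user, tty, src = m.groups()
            if src not in trusted_admin_ips:
                alerts.append(("high", f"config session by {user} on {tty} from untrusted source {src}"))
        elif m := LOGGED_CMD.search(line):
            user, cmd = m.group(1), m.group(2).strip()
            if re.match(r"username \S+ privilege 15", cmd):
                # Drop the secret portion so the alert never carries credential material.
                alerts.append(("high", f"{user} created a privilege-15 local account: {cmd.split(' secret')[0]}"))
            elif cmd.startswith("tunnel mode gre"):
                alerts.append(("medium", f"{user} configured a GRE tunnel: {cmd}"))
        elif m := TUNNEL_UP.search(line):
            if m.group(1) not in baseline_tunnels:
                alerts.append(("medium", f"non-baseline interface {m.group(1)} came up"))
    return alerts


if __name__ == "__main__":
    for sev, msg in review_syslog(SAMPLE_SYSLOG, {"10.10.1.5"}, set()):
        print(f"[{sev}] {msg}")
```

Feed it the output of your syslog collector rather than the embedded sample, and keep the trusted-IP and baseline-tunnel sets in version control so a change to either is itself reviewable.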

🩺 Modernize OT and Medical Manufacturing Security

(Referencing: FDA Cyber White Paper)

  • Conduct risk assessments of OT assets and connected medical tech.

  • Segment networks to isolate production environments.

  • Establish incident response playbooks that include OT scenarios.

💬 Close the Security Trust Gap

(Referencing: Bitdefender Report on AI Attacks and Silencing)

  • Create anonymous reporting channels for internal breach disclosures.

  • Encourage open discussion between frontline analysts and leadership.

  • Share breach metrics internally to avoid dangerous overconfidence.

Thanks for reading this week’s edition. Like what you see? Forward it!

Hate everything you see or have other feedback? Reply to this email!