Important Reminder to Keep Login Credentials Secure

On June 18, 2025, Cybernews researchers reported that 16 billion login credentials were exposed in the largest data breach in history. This worldwide security incident involves major platforms including Google, Apple, Facebook, and Microsoft. Due to the magnitude of this breach, we updated our list of best practices and password recommendations to help keep your login credentials as secure as possible.  

AI-Powered Phishing Attacks

The credential exposure coincides with a surge in AI-powered phishing attacks. According to the March 2025 Phishing Threat Trends Report published by KnowBe4, 82.6% of phishing emails now utilize artificial intelligence. When cybercriminals have access to real login credentials, as described in the Cybernews report, they can craft highly personalized attacks that reference actual account information, dramatically increasing their success rate.

Best Practices and Recommendations

Below are best practices and recommendations you can take now to help make your online accounts as secure as possible:

  • Assess Your Exposure: Visit the website https://haveibeenpwned.com to find out if your personal and business email addresses are involved in a data breach. If your email was exposed, this website will provide the names of websites where the compromise occurred, the dates of exposure, and the information that was compromised.
  • Modernize Password Security: Transition from complex short passwords to passphrases like “Coffee!Morning!Walk2024”. Implement a password manager to ensure that business and personal credentials remain separate.
  • Strengthen Authentication: Check the security settings of each business and personal system you log in to, and enable multi-factor authentication immediately. Use authenticator apps rather than SMS when possible, as authenticator apps are the most secure notification method.
  • Separate Your Business Account Logins from Your Personal Accounts: Never reuse the passwords from your business, banking, or other financial websites on personal accounts or social media platforms, and vice versa.

Timeline for Action

If you do not already have security measures in place, we recommend creating and implementing a plan as soon as possible. Adding these measures will help secure your online presence for both business and personal use.

If you have a business, your plan should also include coordinated password resets for critical systems and systematic Multi-Factor Authentication (MFA) deployment across all business applications.

What’s Coming?

As AI-powered campaigns continue to advance, traditional methods of detecting phishing emails will be obsolete by 2027, according to the March 2025 Phishing Threat Trends Report.

AI is here to stay. Organizations, businesses, and individuals must invest in advanced detection capabilities while continuing training on how to detect and avert cyber breaches and attacks.

As always, should you have questions on this or other matters affecting you or your business, please call 215.675.8364 or email us today.

DISCLAIMER: All communications by Wouch, Maloney & Co., LLP intend to provide general information, as of the date of the communication, and may reference information from reputable sources. Although our firm has made every reasonable effort to ensure that the information provided is accurate, we make no warranties, expressed or implied, of the information provided. Please be aware that this is not a comprehensive analysis of the subject matter covered and is not intended to provide specific recommendations to you or your business with respect to the matters addressed.