Billions of Usernames and Passwords Leaked Online - What to Do Now

Billions of users' usernames and passwords were leaked online after digital risk protection firm DarkBeam left its online database unprotected.

As reported by Cybernews, Bob Diachenko, CEO of cybersecurity firm Security Discovery, first discovered the leak on September 18. The database is now properly protected, but while it remained exposed, more than 3.8 billion user records were accessible to anyone.

Notably, all of the email addresses and passwords leaked from this database came from previous data breaches. Apparently, DarkBeam was collecting this information to warn customers about future data breaches, but this breach likely affected more than just customers.

As we have seen with the recent TMX Finance data breach, this type of information breach is often the work of hackers. However, this does not appear to be the case this time, and as Diachenko points out, data breaches such as this one may be the result of human error, such as when an employee forgets to password protect a large database containing sensitive information.

Because the leak includes usernames and passwords from both reported and unreported data breaches, login credentials may have been compromised even if you have never heard of DarkBeam.

After analyzing the leaked data, Diachenko discovered that there were a total of 16 collections named "email 0-9" and "email A-F," each containing approximately 239,635,000 records.

Because all of this data was publicly available online, even if only for a short period of time, it is likely that hackers downloaded it for use in future attacks. For example, the exposed email addresses could be used in targeted phishing attacks. However, cybercriminals who obtain this data will likely attempt to use each username and password on many different sites to see if any of the victims reuse the same password.

Password reuse is a big problem, because using the same password and username for multiple accounts allows hackers to use stolen credentials to log into other accounts. For this reason, strong and complex passwords should be created for all accounts.
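To make the reuse risk concrete, the following added example (not part of the original article) audits a password-manager export against a set of leaked credentials and lists which accounts share a leaked or reused password. The vault entries, leaked pairs, site names and function names are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample: a password-manager export as (site, username, password).
VAULT = [
    ("shop.example", "alice@example.com", "Summer2019!"),
    ("mail.example", "alice@example.com", "Summer2019!"),
    ("forum.example", "alice_a", "Summer2019!"),
    ("bank.example", "alice@example.com", "x7#Lq9v!TzR2p"),
    ("news.example", "alice@example.com", "Tr0ub4dor&3"),
    ("wiki.example", "alice@example.com", "Tr0ub4dor&3"),
]
# Constructed sample: (username, password) pairs as they might appear in a leaked compilation.
LEAKED = [("alice@example.com", "Summer2019!"), ("bob@example.com", "hunter2")]

_KEY = secrets.token_bytes(32)  # per-run key: digests are useless outside this process

def digest(password: str) -> str:
    """Keyed hash so passwords are compared without being stored or printed."""
    return hmac.new(_KEY, password.encode("utf-8"), hashlib.sha256).hexdigest()

def reuse_groups(vault):
    """Map password digest -> sites sharing it, keeping only passwords used more than once."""
    groups = defaultdict(list)
    for site, _user, password in vault:
        groups[digest(password)].append(site)
    return {d: sorted(sites) for d, sites in groups.items() if len(sites) > 1}

def exposed_sites(vault, leaked):
    """Sites whose password appears in the leak, whatever username it is paired with."""
    leaked_digests = {digest(password) for _user, password in leaked}
    return sorted(site for site, _user, password in vault
                  if digest(password) in leaked_digests)

def rotation_plan(vault, leaked):
    """Return (change now, change next): leaked passwords first, other reuse second."""
    urgent = exposed_sites(vault, leaked)
    reused = {site for sites in reuse_groups(vault).values() for site in sites}
    return urgent, sorted(reused - set(urgent))

if __name__ == "__main__":
    now, later = rotation_plan(VAULT, LEAKED)
    print("Change now (password is in the leak):", ", ".join(now))
    print("Change next (reused, not yet leaked):", ", ".join(later))
```

In this sample a single leaked password puts three accounts at risk, including one registered under a different username, while the account with its own password is unaffected.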

While 3.8 billion credentials is a lot, the largest leaked password collection to date, called RockYou, contains 8.4 billion passwords, which were also likely obtained from previous leaks and data breaches.

In a statement sent to Tom's Guide, a DarkBeam spokesperson said of the leak and the type of data exposed: "We have been notified by a third party researcher of a single unprotected instance containing compilations of publicly available data collected by a Darkbeam researcher in 2020. This instance included research on previously discovered cyber breaches that occurred between 2018 and 2019 and were created for the purpose of developing a tool to identify Darkbeam's breached accounts prior to the launch of our platform. Darkbeam's customer information or data related to our systems was never compromised, and there is no evidence of unauthorized access by the researchers other than on September 19."

Whenever there is news of a major data breach such as this one, it is a good idea to check whether your credentials have been compromised. There are several ways to do this: Cybernews has its own personal data breach checker, but you can also use Troy Hunt's popular HaveIBeenPwned or Mozilla's Firefox Monitor.

Any of the tools mentioned above will let you know if your credentials have been compromised so you can change them manually. If you are worried about the time it will take, many good password management tools will change your passwords automatically.

Those whose credentials were included in the breach will want to enable two-factor authentication (2FA) for their accounts, if they haven't already. Likewise, you will want to be on the lookout for suspicious emails or text messages from unknown senders. It is also a good idea to use one of the best antivirus programs on PCs, the best Mac antivirus software on Macs, and the best Android antivirus apps on smartphones to avoid becoming a victim of malware that may be contained in suspicious emails.

Unfortunately, data breaches like this one are a fact of life. However, taking proper precautions beforehand and acting promptly after a leak reduces the likelihood of account takeover or identity theft.
