UAE-based cybersecurity experts have raised serious concerns following the discovery of over 16 billion compromised login credentials in what is being described as one of the most significant breaches of its kind to date. The leak, uncovered by researchers at Cybernews, includes usernames and passwords from major tech platforms such as Apple, Google, Facebook, Telegram, and GitHub, as well as some government websites.
The findings, part of an ongoing investigation launched earlier this year, highlight the urgent need for businesses and individuals to strengthen password security across all operational levels. Researchers warn that the data is not recycled from old leaks, but rather includes fresh credentials that could be exploited for identity theft, account takeovers, and highly targeted phishing attacks.
“This is weaponising intelligence at scary scales,” said Rayad Kamal Ayub, managing director of Rayad Group and a Dubai-based cybersecurity expert. Speaking to Khaleej Times, Ayub cautioned that the leaked data reflects current user behavior, making it even more dangerous. “Cybercriminals can use this recent information to launch more convincing and damaging attacks.”
Despite the UAE’s strong ranking in the Global Cybersecurity Index 2024, Ayub stressed that organisations must take proactive measures. These include enforcing complex password requirements, deploying multi-factor authentication, using password managers, and conducting regular access audits. He also recommended involving professional cybersecurity firms to secure sensitive databases, especially in sectors like healthcare, finance, and retail.
Disturbingly, common passwords found in the breach include a mix of everyday items, food, and pop culture references. Among them were ‘apple’ (10 million instances), ‘rice’ (4.9 million), and ‘pizza’ (3.3 million). Characters such as ‘Batman’, ‘Thor’, and ‘Joker’ were also frequently used, appearing millions of times each. Over 165 million passwords contained profanity, while the name ‘Ana’ showed up in nearly 179 million cases.
Carolyn Duby, Field CTO and Cybersecurity GTM Lead at Cloudera, warned that global cybercrime damages are projected to reach $10.5 trillion by 2025, up from $9.5 trillion in 2024. “Data breaches are happening faster and costing more,” she said, noting that ransomware attacks now occur every 11 seconds, and the average data breach cost has risen to $4.88 million. She emphasised that data must be treated as both an asset and a target, with AI and automation playing a growing role in detection and prevention.
Echoing these sentiments, Louise Bou Rached, director for the Middle East, Turkey, and Africa at Milestone Systems, called for a “zero-trust” approach. “Today, protecting digital freedom means constant verification of every user, device, and application. Companies must go beyond reactive defense,” she said.
The experts unanimously agree: cybersecurity is no longer just an IT issue—it is a core pillar of trust, resilience, and business continuity.
