More than 184 million passwords may have been compromised in a new massive data leak. According to cybersecurity researcher Jeremiah Fowler, who first discovered and reported the massive data breach, an unsecured database that contained millions of emails, passwords and authorisation URLs for apps and websites, including Apple, Google, Facebook, Microsoft, Instagram, Snapchat and others, was found online.
While passwords can be changed, what’s more concerning is that the database also included sensitive information like login credentials for banks and financial accounts as well as those used to log in to health platforms and government portals. Moreover, unlike most databases, which encrypt sensitive information to prevent it from going into the wrong hands, this database was in the form of a plain, unencrypted text file.
On further analysis, Fowler came to the conclusion that this data sensitive may have been captured by some sort of infostealing malware. For those unaware, cybercriminals often use infostealing malware like Lumma Stealer to grab sensitive information like usernames, passwords, credit card numbers from breached websites and systems and sell it on the dark web.
Fowler says he also contacted the hosting provider storing the plain text file with more than 184 million passwords, after which the service made it inaccessible to the public. But when the security researchers asked about the file owner, the hosting service refused to share details.
To see if the database was legitimate, the cybersecurity researchers did say that he emailed several people whose passwords and usernames had been leaked and found out that this exposed sensitive information was indeed real. He also noted that people who use the same username and passwords across services are the ones who are the most vulnerable to such threats. Also, once cybercriminals gain access to your account, they may use your personal information to commit online fraud, identity theft and even run scams.
The researchers also said that the unsecured database contained business credentials, which could be used by threat actors to steal business records, conduct corporate espionage and plant ransomware. As it turns out, it also contained login credentials of several government services and people’s conversations.
While there is no surefire way to protect yourself from data breaches, it is recommended to use strong passwords, frequently change them and use multi-factor authentication whenever possible. Google also offers a free tool that lets you check if your credentials have been leaked on the dark web.
© IE Online Media Services Pvt Ltd
