Huge data leak of 149 million credentials exposed without any protection – 98GB of unique usernames and passwords from financial services, social media accounts and dating apps
- A huge trove of 149 million credentials exposed online
- Usernames and passwords included for bank, social media and .gov accounts
- It is unclear how long the database was exposed, but it has now been removed.
Jeremiah Fowler, cybersecurity researcher (vI ExpressVPN) has once again unearthed a huge trove of publicly available data.
The huge container of unique usernames and passwords was exposed on the web without any password or encryption protection.
The data contained more than 149 million username and password combinations totaling approximately 98 GB of credentials covering online accounts of almost all kinds.
149,000,000 credentials exposed
The credentials found in the container covered financial services including cryptocurrency wallets, trading accounts and bank account details. Social media and dating app credentials were also included in the database.
Aside from personal accounts, a number of email accounts using the .gov domain were found in the container.
Very little is known about the origin of the exposed cloud storage container, but Fowler notes that traces of infostealer and keylogging malware were present in the database. Upon discovery, Fowler attempted to track down the account’s owners, but was unable to find any associated information.
Instead, Fowler attempted to contact the hosting provider who told him the container was hosted by an independently operating subsidiary. It took nearly a month to dismantle the container, Fowler notes.
Interestingly, the credentials stored in the database were indexed in a way to make them easily searchable using the “host_reversed path”, meaning the database could have been the work of an organized hacker or a research database.
A database of this size and scope could be used for highly nefarious purposes, such as spear phishing, bank and credit fraud, and even identity theft. It is currently unknown how long the database remained exposed.
The best password managers are one of the best ways to protect your credentials from theft. Many password managers store your usernames and passwords in an encrypted vault using two-factor authentication and scour the dark web to check if any of your credentials have been exposed.
The best identity theft protection for every budget
:max_bytes(150000):strip_icc()/Health-GettyImages-1203392811-d7b532109ae648f29c53dd079b53f8ae.jpg?w=390&resize=390,220&ssl=1 "New Study Links 6 Artificial Sweeteners to Faster Cognitive Decline")