Attention! Huge leak of unique login data. Several websites
Users of the most popular websites and services should urgently change their login passwords – a database containing over 149 million credentials has been leaked. And it was exposed on the Internet.
The shocking case was described by the American “Forbs”. According to cybersecurity expert Jeremiah Fowler, the publicly accessible database was not password protected or encrypted. “A huge 96 GB of raw credentials,” the expert described the problem.
It was Jeremiah Fowler who discovered the leak and published a report with his findings, which showed that the database contained a total of 149,404,754 unique logins and passwords.
Logging in and the sneaky infostealer software
According to Fowler, it is most likely a database composed of information from previous leaks and infostealer malware logs. The stolen data includes, among others, the results of environment enumeration (name and location of the device, domain, group and users) and data saved in browsers and some applications (cookies, passwords, data from forms). The carriers of infostealer software infections are e-mail messages, search engine advertisements and the LinkedIn social networking site.
According to 4primie.pl, the data obtained in this way is offered on markets such as RussianMarket or 2Eeasy or directly to cybercriminal groups – including ransomware groups demanding a ransom to unlock access to the data.
Who is affected by the data leak? Everyone!
All users of the following websites should react urgently, because the numbers are shocking:
-
Gmail – 48 million logins and passwords
-
Facebook – 17 million logins and passwords
-
Instagram – 6.5 million logins and passwords
-
Yahoo – 4 million logins and passwords
-
Netflix – 3.4 million logins and passwords
-
Outlook – 1.5 million logins and passwords
The aim of the attack is to steal authentication data for electronic banking and other services that were saved in browsers, as well as cookies.
Users of these websites should immediately change bad habits – stop using the same passwords on different websites. Additionally, if possible, switch to logging in using access keys, i.e. fingerprint, face, device PIN.
It’s also a good idea to turn on secure two-factor authentication (2FA) to protect your accounts and sensitive data.
