Major Data Leak: 149M Usernames & Passwords Exposed Online
TL;DR
Massive Leak Exposes Millions of Usernames and Passwords
A database containing 149 million account usernames and passwords has been exposed, including a large number of credentials for popular services. The exposed data included 48 million Gmail accounts, 17 million Facebook accounts, and 420,000 Binance accounts. Jeremiah Fowler, the security analyst who discovered the database, reported the exposure to the hosting provider, which subsequently removed the trove due to a violation of its terms of service. The incident highlights the ongoing threat of infostealing malware.
Details of the Exposed Data
The exposed database contained a variety of credentials beyond email and social media logins. These included credentials for government systems from multiple countries, consumer banking and credit card logins, and media streaming platforms. Fowler suspects the database was assembled using infostealing malware that infects devices and employs techniques like keylogging to record user input. The data was publicly accessible and searchable via a web browser.
The database included:
- 48 million Gmail credentials
- 4 million Yahoo accounts
- 1.5 million Microsoft Outlook accounts
- 900,000 Apple iCloud accounts
- 1.4 million .edu academic and institutional accounts
- 780,000 TikTok logins
- 100,000 OnlyFans accounts
- 3.4 million Netflix accounts
How the Data Was Collected

The logins were stolen using infostealers, a type of malware designed to steal information from infected devices. This malware can record keystrokes and extract passwords and personal data. The stolen data is then sent to the attackers. Allan Liska, a threat intelligence analyst, notes that infostealers lower the barrier to entry for new criminals due to their affordability and ease of use.
Potential Risks and Mitigation Strategies
The exposure of a large number of logins and passwords poses a significant security risk. Cybercriminals can use this data to automate credential-stuffing attacks against exposed accounts, potentially leading to fraud, identity theft, and phishing campaigns. Fowler emphasized that the structure of the database suggested it was designed for easy searching, potentially for cybercriminal customers.
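A defender-side illustration of the credential-stuffing risk described above, added here as an example and not taken from Fowler's report: it flags source IPs that try many distinct usernames in a short window and lists the accounts that then logged in successfully from them. The log format, the five-minute window, and the five-username threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth events: "ISO-timestamp source-ip username result"
SAMPLE_LOG = """\
2025-01-10T09:00:01 203.0.113.7 alice FAIL
2025-01-10T09:00:02 203.0.113.7 bob FAIL
2025-01-10T09:00:03 203.0.113.7 carol FAIL
2025-01-10T09:00:04 203.0.113.7 dave FAIL
2025-01-10T09:00:05 203.0.113.7 erin OK
2025-01-10T09:00:06 203.0.113.7 frank FAIL
2025-01-10T09:01:00 198.51.100.20 grace FAIL
2025-01-10T09:01:30 198.51.100.20 grace FAIL
2025-01-10T09:02:00 198.51.100.20 grace OK
"""

def detect_stuffing(log_text, window=timedelta(minutes=5), min_users=5):
    """Return {ip: sorted usernames that logged in OK} for every IP that
    tried at least `min_users` distinct usernames inside one sliding
    `window`. Assumes events are in chronological order."""
    recent = defaultdict(deque)   # ip -> (timestamp, username) still in window
    successes = defaultdict(set)  # ip -> usernames with a successful login
    flagged = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue              # skip malformed lines
        ts, ip, user, result = parts
        when = datetime.fromisoformat(ts)
        attempts = recent[ip]
        attempts.append((when, user))
        while when - attempts[0][0] > window:
            attempts.popleft()    # drop attempts older than the window
        if len({u for _, u in attempts}) >= min_users:
            flagged.add(ip)       # many different accounts from one source
        if result == "OK":
            successes[ip].add(user)
    # Accounts with a success from a flagged IP likely had a leaked password
    # that still worked; they are candidates for a forced reset.
    return {ip: sorted(successes[ip]) for ip in flagged}

if __name__ == "__main__":
    for ip, users in detect_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: suspected stuffing, successful logins: {users}")
```

A single user retrying their own password (the second IP in the sample) stays below the distinct-username threshold and is not flagged.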
To protect your accounts, Troy Hunt, the Australian security researcher who runs the breach-notification site Have I Been Pwned, recommends the following:
- Change Passwords: Update your passwords, especially if you reuse them across multiple accounts. Use strong, complex passwords or a password manager.
- Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts by enabling 2FA.
- Install Antivirus Software: Use antivirus software to protect your devices from malware.
- Be Cautious of Phishing: Avoid clicking on suspicious links or opening attachments from unknown sources.
- Close Unused Accounts: Reduce your attack surface by closing any online accounts you no longer use.
Additional Recommendations
- Monitor Your Accounts: Regularly review your account activity for any signs of unauthorized access.
- Use Passkeys: Consider switching to passkeys when available for a more secure login method.
- Identity Theft Protection: Invest in identity theft protection services to help recover your identity if it is stolen.