
149 Million Login Credentials Leaked in Database Breach

Originally published on: January 23, 2026
Summary

– A massive database containing 149 million usernames and passwords for services like Gmail, Facebook, and Binance was taken down after a security researcher reported its public exposure.
– The database, discovered by analyst Jeremiah Fowler, was likely compiled by infostealing malware that automatically harvests credentials from infected devices.
– It contained a wide variety of sensitive logins, including government systems, banking details, and accounts for streaming platforms and social media.
– The data was publicly accessible and searchable, and its organized structure suggested it was being prepared for use by cybercriminals.
– Infostealer malware has lowered the barrier for cybercrime, allowing attackers to cheaply automate the collection of vast amounts of stolen credentials.

A massive database containing nearly 149 million stolen login credentials was recently taken offline after a security researcher discovered it publicly accessible on the internet. The exposed information included a staggering 48 million Gmail addresses and passwords, alongside millions of credentials for other major platforms like Facebook, Yahoo, and Microsoft Outlook. The discovery underscores the persistent threat posed by unsecured data troves and the malware campaigns that often create them.

Security analyst Jeremiah Fowler found the database, which was hosted by an affiliate of a global provider in Canada. He could not identify who owned or operated it, but its contents pointed to a highly organized collection of stolen data. In addition to the vast number of email and social media logins, the cache held credentials for government systems in multiple countries, consumer banking and credit card portals, and popular streaming services like Netflix and TikTok.

Fowler reported the exposure to the hosting provider, which removed the database for violating its terms of service. During the roughly month-long process of making contact, he observed the database continuing to grow, accumulating fresh logins for a wide array of services. The structure of the data suggested it was automatically indexed and organized, making it easily searchable. Fowler suspects the credentials were harvested by infostealing malware, a type of malicious software that infects devices to record keystrokes and steal information as users type it into websites.

“This is like a dream wish list for criminals because you have so many different types of credentials,” Fowler noted. “The database was in a format made for indexing large logs as if whoever set it up was expecting to gather a lot of data.”

The scale of the find was alarming. Beyond the Gmail credentials, it contained about 17 million Facebook logins, 4 million for Yahoo, 1.5 million for Microsoft Outlook, and 900,000 for Apple iCloud. It also included 420,000 credentials for the cryptocurrency exchange Binance, 1.4 million academic “.edu” accounts, 780,000 for TikTok, 100,000 for OnlyFans, and 3.4 million for Netflix. The data was not hidden; it was publicly accessible and searchable using a standard web browser.

While Fowler did not determine the ultimate purpose of the database, its organized nature suggests it could have been used to service cybercriminal clients. Different subsets of information, like government logins or banking credentials, could be queried and sold for various scams. This incident highlights a broader trend of poorly secured databases leaking sensitive information online, compounded by the rise of infostealer malware that automates credential theft.

“Infostealers create a very low barrier of entry for new criminals,” explains Allan Liska, a threat intelligence analyst. “Renting one popular infrastructure we’ve seen costs somewhere between $200 to $300 a month, so for less than a car payment, criminals could potentially gain access to hundreds of thousands of new usernames and passwords a month.”

The constant flow of such data breaches means that personal login information is increasingly vulnerable. This event serves as a critical reminder for individuals and organizations to employ strong, unique passwords and enable multi-factor authentication wherever possible to add an essential layer of security.

(Source: Wired)
