There is troubling news from the world of cybersecurity as a massive data breach has exposed more than 184 million unique passwords and login credentials, affecting users of major platforms such as Google, Apple, Microsoft, Facebook, Instagram, Snapchat, and many more.
This incident is being described by cybersecurity experts as a “cybercriminal’s dream” due to the scale, sensitivity, and accessibility of the compromised data.
According to a new report by cybersecurity researcher Jeremiah Fowler, the leak affected everything from Apple and Google usernames and passwords and social media logins to bank accounts. The database containing the compromised passwords was ironically unencrypted and not password-protected itself, the report said.
The publicly accessible database contained 184,162,718 unique logins and passwords reportedly tied to email providers such as Google and a range of Microsoft products, as well as social media platforms like Facebook, Instagram and Snapchat, ZDNet reported. Fowler shared that information from bank accounts, health services and government portals was also unprotected.
According to Fowler, as cited by Website Planet, the data appeared to have been harvested by infostealer malware, a type of malicious software that extracts sensitive information from infected devices, often distributed via phishing emails, malicious websites, or cracked software.
The hosting provider would not disclose their customer’s information, so it is not known if the database was used for criminal activity or if this information was gathered for legitimate research purposes and subsequently exposed due to oversight. It is also not known how long the database was exposed before I discovered it or if anyone else may have gained access to it.
The records exhibit multiple signs that the exposed data was harvested by some type of infostealer malware. Infostealer is a type of malicious software designed specifically to harvest sensitive information from an infected system. This malware usually targets credentials (like usernames and passwords) stored in web browsers, email clients, and messaging apps. Some variants of the malware can also steal autofill data, cookies, and crypto wallet information — some can even capture screenshots or log keystrokes.
It is not known exactly how this specific data was collected, but cybercriminals use a range of methods to deploy infostealers. For instance, they often conceal malware within phishing emails, malicious websites, or cracked software. Once the infostealer is active, the stolen data is often either circulated on dark web marketplaces and Telegram channels or used directly to commit fraud, attempt identity theft, or launch further cyber-attacks.
Fowler validated the authenticity of the breach by contacting some of the affected individuals, who confirmed their credentials were accurate and current.
The cybersecurity expert is warning that the data can be used in a variety of ways.
Credential Stuffing Attacks: Users with the same password across several accounts are vulnerable to hackers who could test various password and email combinations across other websites.
Phishing And Social Engineering: Cybercriminals can obtain a history of a person’s contacts and chats and later target them with phishing attacks.
Ransomware And Espionage: Fowler found numerous business credentials in the compromised data. The attackers can use this information for corporate espionage, ransomware campaigns, and to steal company documents.
State And Government Attacks: Fowler observed many government accounts, which an attacker can use to target state organisations.
In the wake of this report, cybersecurity experts are recommending that users change their passwords and implement multi-factor authentication.