FlagThis - #DataSecurity

A massive database containing over 184 million unique login credentials has been discovered online by cybersecurity researcher Jeremiah Fowler. The unprotected database, which amounted to approximately 47.42 gigabytes of data, was found on a misconfigured cloud server and lacked both password protection and encryption. Fowler, from Security Discovery, identified the exposed Elastic database in early May and promptly notified the hosting provider, leading to the database being removed from public access.

The exposed credentials included usernames and passwords for a vast array of online services, including major tech platforms like Apple, Microsoft, Facebook, Google, Instagram, Snapchat, Roblox, Spotify, WordPress, and Yahoo, as well as various email providers. More alarmingly, the data also contained access information for bank accounts, health platforms, and government portals from numerous countries, posing a significant risk to individuals and organizations. The authenticity of the data was confirmed by Fowler, who contacted several individuals whose email addresses were listed in the database, and they verified that the passwords were valid.

The origin and purpose of the database remain unclear, with no identifying information about its owner or collector. The sheer scope and diversity of the login details suggest that the data may have been compiled by cybercriminals using infostealer malware. Jeremiah Fowler described the find as "one of the most dangerous discoveries" he has found in a very long time. The database's IP address pointed to two domain names, one of which was unregistered, further obscuring the identity of the data's owner and intended use.


References :

• hackread.com: Database Leak Reveals 184 Million Infostealer-Harvested Emails and Passwords
• PCMag UK security: Security Nightmare: Researcher Finds Trove of 184M Exposed Logins for Google, Apple, More
• WIRED: Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
• www.zdnet.com: Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more
• Davey Winder: 184,162,718 Passwords And Logins Leaked — Apple, Facebook, Snapchat
• DataBreaches.Net: Mysterious database of 184 million records exposes vast array of login credentials
• 9to5Mac: Apple logins with plain text passwords found in massive database of 184M records
• www.engadget.com: Someone Found Over 180 Million User Records in an Unprotected Online Database
• borncity.com: Suspected InfoStealer data leak exposes 184 million login data
• databreaches.net: The possibility that data could be inadvertently exposed in a misconfigured or otherwise unsecured database is a longtime privacy nightmare that has been difficult to fully address.
• borncity.com: [German]Security researcher Jeremiah Fowler came across a freely accessible and unprotected database on the Internet. The find was quite something, as a look at the data sets suggests that it was probably data collected by InfoStealer malware. Records containing 184 …
• securityonline.info: 184 Million Leaked Credentials Found in Open Database
• Know Your Adversary: 184 Million Records Database Leak: Microsoft, Apple, Google, Facebook, PayPal Logins Found
• securityonline.info: Security researchers have identified a database containing a staggering 184 million account credentials—prompting yet another urgent reminder to The post appeared first on .

Classification:

• HashTags: #DataBreach #Passwords #Cybersecurity
• Company: Microsoft
• Target: Users of Google, Microsoft, Facebook, Snapchat
• Product: Multiple
• Feature: Credential Exposure
• Type: DataBreach
• Severity: Disaster