A database containing 149 million usernames and passwords has reportedly been removed after a researcher notified the hosting provider of an exposure.
According to Wired, the database contained 48 million Gmail credentials, 17 million Facebook credentials, and 420,000 Binance credentials. Additionally, it contained information on 4 million Yahoo accounts, 1.5 million Outlook accounts, 900,000 iCloud users, and 1.4 million “.edu” academic and institutional accounts. Login details for platforms such as TikTok, Netflix, and OnlyFans were also spotted.
The database also included login details for government systems across multiple countries, as well as for consumer banking and credit card apps.
Security analyst Jeremiah Fowler discovered the database and reported it to the host. He suspects that the database was assembled using infostealing malware that infects devices and then uses keyloggers and other techniques to record the information victims enter into websites.
According to Fowler, he was never able to figure out who owned or used the information or what purpose the list served. Wired suggests it would make sense if it were for cybercriminal customers, with different amounts based on the scam.
The good news, as mentioned earlier, is that the hosting provider has since taken the database, which Fowler called in an interview a “dream wish list for criminals,” down due to it violating the host’s terms of service.
As with any significant breach, we recommend changing your passwords, especially for your e-mail (if you use Gmail or Outlook) and any financial services. You should also change your passwords for your social media accounts and activate two-factor authentication to further protect yourself.
Source: Wired
MobileSyrup may earn a commission from purchases made via our links, which helps fund the journalism we provide free on our website. These links do not influence our editorial content. Support us here.