
Unsecured Database Leak Spills 149 Million Passwords Online


A colossal database leak: cybersecurity researcher Jeremiah Fowler reported that a database of 149 million username and password records was exposed through an unprotected data repository on the Internet. The credentials in this trove had been collected by malware running on infected devices. The dataset totaled 96GB and, by Fowler's account of the discovery, had been leaking for at least 30 days, remaining available online for that entire period.

Unsecured Database Leak Spills 149 Million Passwords Online: A massive cache of credentials, harvested by malware, was left exposed on a public server.
Database leak size. (Source: ExpressVPN)

So What Happened with This Large Database Leak?

This wasn't a hack of Google or Netflix themselves. Fowler found that the leak did not come from a breach of any of the websites the credentials belong to, but from logs kept on a server that the company operating it had not adequately secured. The server storing the data was set up to accept logins from devices that had been infected with infostealer malware.

Infostealer malware is commonly hidden inside hoax downloads, so a user can be infected without ever knowing it is present. The database was left unsecured and open to anyone, and the dataset included not just passwords but also the specific websites they belonged to, creating a ready-made guide for large-scale account takeover attacks.

Unsecured Database Leak Spills 149 Million Passwords Online (Image source: TimesCrypto)

Why This Credential Exposure Matters

This database leak is significant for its size, its scope, and the range of account types it affects. It covers almost every type of online account, from 48 million Gmail addresses to 420,000 Binance account credentials, and even government email domain accounts, among others. Since an email account is often the gateway to resetting passwords for many other services, a compromised email account gives the cybercriminal the ability to access virtually every part of the affected user's online world.

Extract of data set leaked, including crypto exchange and social media credentials. (Source: ExpressVPN)

Although both Google and Binance have publicly stated that their databases were not breached, the data has now been “weaponized” by cybercriminal groups for carrying out phishing attacks, as well as other types of fraud, and also for use in targeting specific individuals or organizations.


A Web3 Journalist at TimesCrypto with a knack for turning complex ideas into engaging stories. With a solid Tech background, Alan has led teams to create and refine impactful projects across industries, working in firms such as IBM, Cisco Systems, and Telecom. He's passionate about Blockchain, Finance, and Science, bringing a unique blend of technical expertise and creative flair to every piece he writes. When he's not crafting content, you'll find him diving deep into research or just having some fun!
