Login and password information for Apple, Google and Meta accounts found in huge data violation of 184 million accounts

Researchers found a new non-passord protected database
The database contained hundreds of millions of records
Among the records was login -legitimation information for Facebook, Apple and more

Login credentials for Microsoft, Facebook, Snapchat and many other services were recently found in a public, non-passord-protected database available to anyone who knew where to see.

The database was discovered by Jeremiah Fowler, a security researcher known for hunting large, open databases.

According to Fowler, the database contained more than 184 million unique logins and passwords: E emails, usernames, passwords and URL logo -links for a wide range of service applications and accounts. It includes E email providers, Microsoft Products, Facebook, Instagram, Snapchat, Roblox and many more.

Fowler also said he saw credentials for banking and financial accounts, health platforms and government portals from “several countries”. He managed to confirm the authenticity of at least some of the data in the database by reaching out to E -email addresses found inside.

Attribution, however, was difficult. Fowler says the IP address indicated that the database was connected to two domain names – one parked and inaccessible, and the other unregistered and available for purchase.

The WHOIS registration was set to private, which made it impossible to identify the true owner of the database.

Attribution problems

But the researcher managed to reach the hosting provider, and shortly after – there was limited public access. However, the provider did not reveal the information about the owner.

With that in mind, Fowler says it is difficult to determine whether the database was generated by a malicious actor or a legitimate. He still leans against the former and claims to have seen “more characters” as the data was harvested with infoTeals.

Infosteals are usually distributed via phishing, malicious sites or tainted updates. They can harvest sensitive information from the compromised device, including passwords stored in browsers, important PDF files, cryptocurrency -text book information and more.

When Crooks has access to E -Mail accounts, they can use them to start convincing phishing -attack or steal even more data.

In fact, Fowler claims that many people “treat their E -mail accounts as free storage” and keep aarre sensitive documents inside.

Via Site plane

Must Read

Leave a Comment Cancel Reply