- Researchers found 30 databases that housed 16 billion items online
- The registrations were probably generated by infostealers
- Registrations come from a wide range of providers, from Apple to Google and many more
Security researchers have reported to discover what could be the mother of all data violations – a set of 30 databases containing a total of 16 billion items.
These items were probably generated by different cyber criminals (and possibly white hathackers or scientists) using different infoStealing malware, a new report from Cygenerws claims.
The researchers note that the databases were different in size – from “smaller” containing only millions of records, to giant, which houses billions of records, with accounts from Google, Apple, to different VPN services, GitHub, Telegram and more – and of the 30 discovered data sets, only one previously reported by the media, a “mysterious” – database with 184 million.
Scrape the surface
“It hardly scratches the top 20 of what the team discovered,” Cygenerws Explained. “Most worryingly, researchers claim new massive data sets emerge every few weeks, signaling how widespread infoTeals -Malware really is.”
The databases were only available for the wider internet only cards and were quickly locked down – however, it was not possible to decide who the owners are.
Many of the information is likely to overlap, making it almost impossible to determine exactly how many people were affected. It is also important to note that approx. 5.5 billion people have access to the Internet today, which means many people have more compromised accounts.
Unprotected databases continue to be the most common cause of data leaks. For years, security researchers have warned that many organizations do not understand the shared responsibility for cloud services and that they are obliged to protect and secure the data they generate.
On the other hand, cyber criminals have a field day with these archives. They often contain more than enough of sensitive information to launch very personal, successful phishing campaigns, leading to identity theft, thread fraud and even ransomware attacks.
