Gmail and Facebook Leaked: 149 Million Passwords Exposed

A security examination led by analyst Jeremiah Fowler revealed ‍an unprotected database containing 149 million sets of login credentials,⁤ including usernames and passwords.The finding, reported by Wired, exposed a vast⁣ amount of sensitive information that was publicly accessible without security barriers. The file was hosted ⁣on a server in Canada and⁣ was‌ removed after⁣ the ‌researcher alerted the hosting company.

The scale of the ‍data breach is significant, encompassing numerous popular ⁢platforms. The ⁣exposed data includes ⁣approximately 48 million credentials linked ⁢to Gmail accounts,17 million for Facebook,and 420,000 belonging to Binance cryptocurrency platform users.

The list⁣ extends to entertainment and ​productivity services, with ⁤records for 3.4 ⁣million Netflix accounts, 1.5 million Microsoft Outlook accounts, and 900,000 Apple iCloud accounts. 1.4 million logins for institutional and academic​ accounts were also identified, as well as credentials ⁢for⁣ platforms like TikTok and OnlyFans.

A Treasure Trove⁢ for Cybercriminals

Beyond credentials⁤ for social‌ media and ⁤email,the database contained critical information such as access to government systems ⁤in various countries,bank accounts,and credit ⁣card ⁢data. According to Fowler, as explained to Wired, this massive collection is akin to a⁢ wish list for any criminal, given the variety of ⁣credentials‍ available. The analyst noted that ‍the⁣ system appeared to automatically classify each record with a unique identifier, suggesting a ‍premeditated institution to‍ facilitate searching and perhaps⁤ the sale of this data on the ⁤dark web.

While the⁣ source of ‍the data collection ⁢hasn’t ​been identified, Fowler suspects the information was compiled through ‍”infostealing malware.” ⁤This refers ⁣to malicious software⁢ designed to infect computers and mobile devices, using‌ techniques⁣ like ⁢”keylogging” -‍ recording every ⁤keystroke – to capture what is typed into website forms, including login credentials, ⁤as they ‌are entered.

A Growing Threat

During‍ the ⁣month ‌it‍ took the researcher to contact the ‍hosting provider, the database continued to grow, accumulating new‍ records daily. This reinforces the idea ‍that‍ it was an active data collection operation ⁤from infected devices in real-time.

The phenomenon of “infostealers” is​ lowering the barrier to entry for cybercrime. According to Allan Liska, a security analyst at recorded Future quoted in the report, renting the‍ infrastructure needed to carry out these types of attacks can cost between $200 and $300 per month (equivalent to €170 to €255). This low cost allows criminals with less technical knowledge to gain access to hundreds of thousands of new credentials each month, exponentially increasing the risk to ordinary users and organizations.

The‍ usual security suggestion remains: ⁢using⁤ two-factor authentication is one of the most effective barriers against this⁣ type of account ⁢compromise.