BALTIMORE, MD—A massive data breach has exposed the login credentials of 184 million users, including email addresses and passwords, putting a wide range of online accounts at risk. Cybersecurity researcher Jeremiah Fowler discovered the publicly accessible database, which contained 47.42 GB of unencrypted data, and reported it to Website Planet.
The exposed database contained a variety of sensitive information, including credentials for email providers, Microsoft products, Facebook, Instagram, Snapchat, Roblox, and many more. Alarmingly, it also included login and password details for bank and financial accounts, health platforms, and government portals from numerous countries.
“Knowing the login and passwords of millions of accounts is a dream come true for cyber criminals,” Fowler said in a statement. He highlighted various ways cybercriminals could exploit the exposed data, including credential stuffing attacks, account takeovers, corporate espionage, and phishing scams.
The IP address of the database was connected to two domain names, one parked and the other unregistered. The Whois registration was private, making it difficult to identify the owner of the exposed data. Fowler immediately notified the hosting provider, who restricted public access to the database. It is unclear how long the database was exposed before Fowler discovered it or if anyone else had accessed it.
While the hosting provider did not disclose the identity of their customer, Fowler’s analysis suggests the data was likely harvested by infostealer malware. This type of malware targets sensitive information stored in web browsers, email clients, and messaging apps. It can also steal autofill data, cookies, and crypto wallet information, and even capture screenshots or log keystrokes.
How Users Can Protect Themselves
- Change Your Passwords Annually: Many people have only one email, and it is often connected to financial accounts, social media, applications, and more. The risks increase if the exposed email credentials are connected to critical work- or business-related systems. Changing passwords can help protect the account if the old password has been exposed in a known or unknown data breach.
- Use Unique and Hard-to-Guess Passwords for Every Account: Everyone has been guilty of this at some point but, as a general rule, you should never reuse passwords. Reusing a password could allow criminals who obtain it to compromise multiple accounts and cause far more damage.
- Activate Two-Factor Authentication (2FA): Most accounts offer this crucial extra layer of security, and it should absolutely be enabled for sensitive accounts. Yes, it adds extra steps to the login process, but we must accept that this is the price we pay for security. If 2FA is enabled, then criminals cannot use a password alone to get through the login process.
- Check if Your Credentials Have Been Exposed: There are numerous services (like haveibeenpwned) that let you see whether your email appears in any known breaches. Even if these services do not identify an exposure, that does not mean the account has not been compromised. This is why it is still a good idea to change passwords occasionally as a proactive measure.
- Monitor Your Accounts: Some accounts provide login notifications, suspicious activity alerts, or the ability to see login geolocations. If the account offers these features, it can help identify unauthorized access or attempts to reset passwords.
- Consider Using Password Managers: Using a password manager has its pros and cons. On one hand, password managers are very good at generating and storing unique, complex passwords for a large number of accounts. On the other hand, the primary risk is that, should the master password get into the wrong hands, whoever holds it would theoretically gain access to all your accounts at once. Although it is not common, there have been instances where the provider of the password management service itself was compromised. The LastPass data breach in 2022 is a prime example of a worst-case scenario where cybercriminals copied a cloud-based backup of the customer vault.
- Invest in a Good Antivirus: Antivirus software can help detect and remove infostealer malware and spyware if they are known threats and included in its virus database. The detection rate can be higher if the antivirus uses both signature-based and behavior-based detection. However, the bad news is that modified malware and new unknown variants can evade detection using obfuscation and other methods. So, the best thing we can do is regularly conduct a full system scan with reputable antivirus software and make sure that the software is always updated to the latest version.
This article was written with the assistance of AI and reviewed by a human editor.