""This is not the first dataset of this kind I have discovered and it only highlights the global threat posed by credential-stealing malware," Fowler wrote in a blog post. "When data is collected, stolen, or harvested it must be stored somewhere and a cloud based repository is usually the best solution. This discovery also shows that even cybercriminals are not immune to data breaches. The database was publicly accessible, allowing anyone who discovered it to potentially access the credentials of millions of individuals.""
"In some instances, particularly with financial service platforms, trading accounts, or cryptocurrency wallets, credit card and banking logins were also accessible. Alarmingly, Fowler discovered credentials associated with .gov domains linked to several countries. "While not every government-linked account grants access to sensitive systems, even limited access could have serious implications depending on the role and permissions of the compromised user," Fowler warns."
A data leak exposed more than 149 million unique logins and passwords, totaling approximately 96 GB of credential data. Thousands of files contained emails, usernames, passwords, and URLs pointing to the corresponding login sites. Exposed credentials spanned social media, financial services, dating sites, entertainment accounts, trading accounts, and cryptocurrency wallets, with some entries including credit card and banking logins. The leak included credentials associated with .gov domains from several countries, creating opportunities for impersonation, spear-phishing, or initial access to government networks. The database was publicly accessible, allowing anyone who found it potential access to millions of accounts.
#credentials-leak #credential-stealing-malware #government-account-exposure #publicly-accessible-database
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]