Veteran cybersecurity researchers say they have discovered a secret database containing more than 184 million account login credentials on numerous platforms.
Data breaches hunter Jeremiah Fowler says he found an unsecured database of exactly 184,162,718 login records across more than 47 GB of data.
Fowler says that determining the size and scope of a database can be held by researchers investigating data breaches or other criminal activity, or by directly owned by data thieves themselves who have used malware to obtain their credentials.
“Knowing logins and passwords for millions of accounts is a dream come true for cybercriminals. There’s probably a long list of published qualifications and how emails can be misused.”
Fowler says a small sample of the records he analyzed includes 479 Facebook accounts, 475 Google accounts, 240 Instagram accounts, 227 Roblox accounts, 209 Discord accounts, and more than 100 Microsoft, Netflix and PayPal accounts respectively.
The sample also includes login information for Amazon, Apple, Nintendo, Snapchat, Spotify, X, WordPress, Yahoo, and many more.
Due to the scope of the published information, Fowler said the victims are currently vulnerable to several types of attacks, including corporate spying, phishing and social engineering, and account acquisitions.
He also said the agency appears to be included in the hack.
“I have seen many .gov accounts from countries around the world. If any of these compromised accounts had security clearance in the state’s network or sensitive areas of data, these could be a serious potential risk.”
The exact origin of the database is unknown, but Fowler points out that the password field is labeled “Senha,” a “password” in Portuguese.
Fowler says he thinks it’s “very possible” for cybercriminals to be held liable, calling it the only reasonable explanation for a large collection of login data.
Generated Image: Midjourney
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
