Moor Studio/Getty Images
While it's not as large in scale as the latest data breach that leaked over 16 billion passwords, another incident has exposed passwords and other sensitive information across some of the most popular services on the internet.
Cybersecurity researcher Jeremiah Fowler revealed his discovery of a massive online database containing more than 184 million unique account credentials, in a report published late last month. Usernames, passwords, emails, and URLs for a host of applications and websites, including Google, Microsoft, Apple, Facebook, Instagram, and Snapchat, among others, were stored in a file. The database also contained credentials for bank and financial accounts, health platforms, and government portals.
Also: 16 billion passwords leaked from Apple, Google, more: Here are the facts and how to protect yourself
The problem? The file was unencrypted. No password protection. No security. Just a plain text file with millions of sensitive pieces of data.
Based on his analysis, Fowler determined the data was captured by some kind of infostealer malware. A popular tool used by cybercriminals, an infostealer is designed to grab usernames, passwords, and other sensitive data from breached sites and servers. Once the criminals get their hands on the data, they can use it to launch their own attacks or peddle the information on the dark web.
After finding the database, Fowler contacted the hosting provider, which removed it from public access. Since the provider would not disclose the name of the file's owner, Fowler said he didn't know if the database was created legitimately and then accidentally exposed or intentionally used for malicious reasons.
To check on the validity of the information, Fowler emailed many of the people listed in the file and told them that he was researching a data breach. Several of the individuals confirmed that the records contained valid account passwords and other data.
Also: Oversharing online? 5 ways it makes you an easy target for cybercriminals
Though the person or people behind the database and exposure are obviously to blame for this incident, users also share some of the responsibility.
... continue reading