A database containing 149 million account logins has been found sitting unsecured on a cloud service. The records include 900,000 usernames and passwords for Apple accounts.
It was discovered by the same security researcher who found a similar database of 184 million records last year …
Last year’s discovery
Security researcher Jeremiah Fowler last year discovered a massive database of 184 million records sitting unprotected on a web server. These included Apple accounts alongside logins for Facebook, Google, Instagram, Microsoft, and PayPal.
Fowler said the data was likely gathered from infostealers – malware specifically designed to mine devices for personal information. Common methods for deploying infostealers include phishing emails and pirated software.
A new database of 149M logins
Wired reports that the same researcher has now found a similar database of 149M logins.
A database containing 149 million account usernames and passwords—including 48 million for Gmail, 17 million for Facebook, and 420,000 for the cryptocurrency platform Binance—has been removed after a researcher reported the exposure to the hosting provider […] The trove also contained about 4 million for Yahoo accounts, 1.5 million for Microsoft Outlook, 900,000 for Apple’s iCloud, and 1.4 million for .edu academic and institutional accounts.
Because it was just sitting unprotected on a server, anyone could access and search it using nothing more than a web browser.
As before, Fowler reported the presence of the database to the hosting service, which has now removed it.
... continue reading