Suspected InfoStealer Malware Data Breach Exposed 184M Logins/Passwords
a year ago
- #Infostealer Malware
- #Cybersecurity
- #Data Breach
- Cybersecurity researcher Jeremiah Fowler discovered a non-password-protected database containing 184 million login credentials.
- The exposed data included emails, usernames, passwords, and URLs for services like Facebook, Instagram, banks, and government portals.
- The database was connected to two domain names with private registration, making the owner unidentifiable.
- The data was likely harvested by infostealer malware, which targets credentials stored in browsers and apps.
- Cybercriminals use such data for credential stuffing, account takeovers, corporate espionage, and phishing attacks.
- Recommendations for users include changing passwords regularly, using unique passwords, enabling 2FA, and monitoring accounts.
- Using password managers and antivirus software can help protect against unauthorized access and malware.
- Possessing or distributing stolen personal data may be illegal under laws like the CFAA in the U.S. and GDPR in the EU.
- Jeremiah Fowler, an ethical researcher, reported the breach to secure the data and raise awareness about cybersecurity risks.