149M Usernames and Passwords Exposed by Unsecured Database
17 days ago
- #data breach
- #cybersecurity
- #infostealer malware
- A database containing 149 million account usernames and passwords was exposed, including 48 million Gmail, 17 million Facebook, and 420,000 Binance credentials.
- Security researcher Jeremiah Fowler discovered the database and reported it to the hosting provider, which took it down for violating terms of service.
- The database also included government system logins, banking credentials, and streaming platform accounts, likely compiled by infostealer malware.
- The database continued to grow during Fowler's month-long attempt to contact the hosting provider, which was a global host with regional affiliates.
- Credentials for Yahoo, Microsoft Outlook, Apple iCloud, .edu accounts, TikTok, OnlyFans, and Netflix were also found in the database.
- The data was publicly accessible and searchable via a web browser, with an automated system organizing logs for easier searching.
- Infostealer malware lowers the barrier for cybercriminals, allowing them to collect vast amounts of credentials for as little as $200-$300 per month.