New Delhi: A huge database containing 149 million usernames and passwords associated with major online services was taken offline after a security researcher warned the hosting company of its existence. The compromised credentials were linked to accounts on Gmail, Facebook, Netflix, and significant cryptocurrency platforms, raising new concerns about large-scale cybercrime and data security, Wired reported.
An independent security analyst made the discovery when he realized that the database was openly accessible on the internet without any password or security control. Anyone with a normal web browser could access and search the sensitive information. The hosting company later deleted the database, saying that it had breached the company's terms of service.
Millions of accounts across major platforms exposed
The leaked information contained logins for a massive variety of platforms. Email providers, social media, streaming services, and crypto exchanges had tens of millions of credentials associated with them. There were also records that appeared to provide access to banking services, government portals, and academic systems in a variety of countries.
The volume of information is so large that it was presumably gathered over a period of time rather than in a single breach. Researchers believe it was a collection of stolen credentials that had been collated together.
Infostealer malware suspected
The researcher claims that the database showed clear signs of having been built using infostealer malware. Such malicious software is installed unnoticed and captures sensitive data, including usernames and passwords, as users enter them.
While attempts were being made to remove the exposed data, new login information kept appearing in the database. This was a sign that the malware behind it remained operational and was still gathering fresh information live.
Easy access, serious risks
What most concerned security experts was how well organized the database was. Credentials were categorized and tagged, making it easy to search for specific account details and possibly sell them to cybercriminals involved in fraud, identity theft, or scams.
It is not known who controlled the database or how the information was being exploited, but according to the analysts, the way the database was arranged is highly indicative of commercial cybercrime activity.
A wake-up call for users
According to cybersecurity experts, such cases are becoming commonplace as hacking tools become less expensive and easier to operate. The exposure points to the continuing threat to ordinary internet users.
Researchers strongly recommend using a separate password for each service, enabling two-factor authentication, and being wary of downloads and questionable links. Simple security practices are now mandatory, not luxuries, as data theft continues to increase.