- The researchers found a new unprotected database
- The database contained hundreds of millions of records
- Among the records there were login credentials for Facebook, Apple and more
Login credentials for Microsoft, Facebook, Snapchat and many other services were recently found in a public, non-password-protected database, available to anyone who knew where to look.
The database was discovered by Jeremiah Fowler, a security researcher known for looking for large open databases.
According to Fowler, the database contained more than 184 million unique logins and passwords: emails, user names, passwords and login links for a wide range of applications and service accounts. That includes email providers, Microsoft products, Facebook, Instagram, Snapchat, Roblox and many more.
Fowler also said that he saw credentials for bank and financial accounts, health platforms and government portals from “numerous countries.” He managed to confirm the authenticity of at least some of the data in the database by contacting the email addresses found inside.
However, attribution was complicated. Fowler says that the IP address indicated that the database was connected to two domain names: one parked and not available, and the other not registered and available for purchase.
The Whois registration was set to private, which makes it impossible to identify the true owner of the database.
Attribution problems
But the researcher managed to contact the hosting provider, and shortly after, public access was restricted. The provider, however, did not reveal any information about the owner.
With that in mind, Fowler says it is difficult to determine whether the database was generated by a malicious or legitimate actor. Even so, he leans towards the former, claiming to have seen “multiple signs” that the data was harvested with infostealers.
Infostealers are generally distributed through phishing, malicious websites or tainted updates. They can harvest sensitive information from the compromised device, including passwords stored in browsers, important PDF files, cryptocurrency wallet information and more.
Once criminals get access to email accounts, they can use them to launch convincing phishing attacks or steal even more data.
In fact, Fowler argues that many people “treat their email accounts like free storage” and keep years of sensitive documents inside.
Via Website Planet