- Huge trove of 149 million credentials exposed online
- Usernames and passwords for bank, social media, and .gov accounts are included.
- It is unknown how long the database was exposed, but it has now been deleted.
Cybersecurity researcher Jeremiah Fowler (vIowa ExpressVPN) has once again uncovered a huge trove of publicly accessible data.
The huge container of unique usernames and passwords was left exposed on the web without any password or encryption protection.
The data contained more than 149 million username and password combinations, totaling about 98 gigabytes of credentials spanning online accounts of almost every type.
149,000,000 credentials exposed
Credentials found inside the container covered financial services, including cryptocurrency wallets, trading accounts, and bank account details. Social media and dating app credentials were also included in the database.
Outside of personal accounts, several email accounts using the .gov domain were found within the container.
Very little is known about the origin of the exposed cloud storage container, but Fowler notes that traces of data-stealing and keylogging malware were present in the database. Following the discovery, Fowler attempted to track down the account owners, but was unable to find any associated information.
Instead, Fowler attempted to contact the hosting provider, who told him that the container was hosted by an independently operating subsidiary. It took almost a month to dismantle the container, Fowler notes.
Interestingly, the credentials stored in the database were indexed in such a way that they could be easily searched using the “host_reversed path”, meaning that the database could have been the work of an organized hacker or may have been a research database.
A database of this size and scope could be used for very nefarious purposes, such as phishing, bank and credit fraud, and even identity theft. It is currently unknown how long the database was exposed.
The best password managers are one of the best ways to prevent your credentials from being stolen. Many password managers store your usernames and passwords in an encrypted vault using two-factor authentication and scan the dark web to see if any of your credentials have been exposed.
The best identity theft protection for every budget
