Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
A database containing 149 million usernames and account passwords, including 48 million for gmail17 million LBP FacebookAnd 420,000 for the cryptocurrency platform Binance– Removed after a researcher reported the exposure to the hosting provider.
The longtime security analyst who discovered the database, Jeremiah Fowler, couldn’t find indications about who owned or managed it, so he worked to notify the host, who removed the treasure because it violated the terms of service agreement.
In addition to email and social media logins for a number of platforms, Fowler also observed credentials for government systems from multiple countries as well as logins to consumer banking, credit cards and streaming media platforms. Fowler suspects that the database was compiled by Malware to steal information Which infects devices and then uses them Technologies such as key logging To record information that victims write on websites.
As he tried to connect to the hosting service over the course of about a month, Fowler says the database continued to grow, accumulating additional logins for a range of services. The name of the provider was not mentioned, because the company is a global host that contracts with independent regional companies to expand its scope. The database is hosted by one of these affiliates in Canada.
“This is like a criminal’s dream wish list, because you have so many different types of credentials,” Fowler told WIRED. “It would make a lot of sense for the information to be stolen. The database was in a format designed to index large records as if whoever set it up was expecting to collect a lot of data. And there were a lot of government logins from a lot of different countries.”
In addition to the 48 million Gmail credentials, the trove also contained about four million for Yahoo accounts, 1.5 million for Microsoft Outlook accounts, 900,000 for Apple’s iCloud account, and 1.4 million for academic and institutional “.edu” accounts. There were also, among others, about 780,000 TikTok logins, 100,000 OnlyFans logins, and 3.4 million Netflix logins. The data was publicly available and searchable using a web browser only.
“It seemed to pick up anything and everything, but one thing that was interesting was that the system seemed to automatically label each record with an ID, and these were unique IDs that never came up again,” Fowler says. “It appears that the system was automatically organizing the data while searching for it easier.
Although Fowler stresses that he does not specify who owns or uses the information for what purpose, such a structure would make sense if the data were queried for cybercriminals’ clients who pay for different subsets of information based on their scams.
There is a seemingly endless stream of accidentally unsecured, publicly accessible databases across the Internet that expose sensitive information that anyone can access. But with data brokers and cybercriminals amassing ever larger amounts, the risks of potential breaches are increasing. And the information theft malware has added to the problem By making it simple and reliable for attackers to automate the collection of login credentials and other sensitive data.
“Information thieves create a very low barrier to entry for new criminals,” says Alan Liska, a threat intelligence analyst at security firm Recorded Future. “We have seen popular infrastructure leasing Costs For somewhere between $200-$300 per month, so for less than a car payment, criminals have access to hundreds of thousands of new usernames and passwords per month.