Huge Data Leak of 149 Million Online Accounts: Gmail, Facebook, and Netflix -

Post Views: 9

Huge Data Leak of 149 Million Online Accounts: Gmail, Facebook, and Netflix

‘A huge chunk of data related to accounts of Gmail, Facebook, and Netflix.“

Cybersecurity researchers have revealed that login usernames and passwords for about 149 million online accounts, including social media, streaming services, email, and even financial portals, were found in an unprotected database that was accessible online. This is one of the largest credential exposures in recent memory.

Sensitive credentials could be misused because the exposed data, which is estimated to be around 96 GB in size, was discovered without any encryption or password protection.

After learning that the database was accessible to the public, cybersecurity specialist Jeremiah Fowler shared his discoveries with security platforms, uncovering the enormous cache of login credentials.

Fowler, Report

Login information for numerous services, including Gmail, Facebook, Instagram, Netflix, Yahoo, Outlook, and numerous financial and governmental systems, was among the disclosed credentials.

Anyone can view unprotected data online

It was discovered that 149,404,754 distinct login and password combinations, as well as URLs directly connected to the login or authorization pages of impacted services, were present in the data repository housed on a cloud platform.

The revealed credentials frequently contained usernames or email addresses together with the passwords that went with them, posing a serious security risk to the account holders.

Security Analysts

The database was essentially an open repository that anyone with knowledge of its web location could access because it didn’t seem to have any encryption or password protection. Concerns over basic cybersecurity supervision and careless data management procedures have been highlighted by the unprotected storage of sensitive authentication data.

Numerous Impacted Platforms

According to reports, the breach contained the following comprehensive breakdown of hacked accounts:

Around 48 million Gmail accounts
Approximately 17 million Facebook logins
About 6.5 million Instagram accounts
Roughly 3.4 million Netflix credentials
Some 4 million Yahoo accounts
Nearly 1.5 million Microsoft Outlook logins

Other records included information about other businesses, including dating and entertainment websites, banking and cryptocurrency platforms, and even accounts connected to government and.gov domains in several nations.

The root cause is thought to be infostealer malware

Experts believe that infostealer malware malicious software that stealthily obtains login credentials from compromised machines and then compiles them into a central repository, may have constructed the compromised database.

Once gathered, criminal organizations may highly value this information for use in automated attacks and credential stuffing schemes, among other forms of exploitation.

Cybersecurity Analysts

“Credentials are frequently harvested as users type them by infostealer software, which then transmits the information back to operators.” The scope of the threat has been highlighted by the size and range of services impacted, even though it is still unclear exactly where and when the data was collected.

After the researcher notifies the supplier, the database is taken offline

Fowler notified the hosting company of the unprotected database after finding it, and the repository was later made inaccessible to the public. However, security experts caution that since fraudsters frequently swiftly skim such information before they are taken down, even a brief exposure of unprotected credentials can have long-lasting effects.

Dangers and User Recommendations

Security experts point out that unprotected usernames and passwords provide a significant risk of account takeover, particularly when users utilize the same login information on several different platforms.

These credentials can be used to try to log in to other services once they are obtained by hostile actors. This technique is called credential stuffing, and it has been the cause of multiple breaches in the past.

Users are strongly advised to:

If they suspect exposure, they should change their passwords right away.
Whenever feasible, turn on two-factor authentication (2FA).
Create strong, one-of-a-kind passwords for each service.
Keep an eye out for indications of unauthorized access to bank accounts and email correspondence.

Wider Consequences

The event has sparked new discussion about data protection, cybersecurity procedures, and the necessity of enforcing secure storage regulations more strictly. Experts advise people and organizations to take proactive security steps to protect sensitive and private information online because cyber dangers are always changing.

About The Author

Suraj Koli is a content specialist in technical writing about cybersecurity & information security. He has written many amazing articles related to cybersecurity concepts, with the latest trends in cyber awareness and ethical hacking. Find out more about “Him.”

AI is Used by New Android Malware to Click on Disguised Web Advertisements