149 Million Usernames and Passwords Leaked from Vulnerable Database

In a significant cybersecurity incident, an exposed database containing 149 million username and password pairs has been taken down after a researcher alerted the hosting provider. The dataset included 48 million Gmail accounts, 17 million Facebook accounts, and about 420,000 accounts for the cryptocurrency exchange Binance, among others.

The discovery was made by longtime security researcher Jeremiah Fowler, who was unable to determine who owned the database. He reported it to the hosting service, which removed the collection for violating its terms of service. Besides credentials for email and social media platforms, the database held logins for government systems in several countries, consumer banking credentials, and logins for popular streaming services.

Fowler suspects the data was assembled by infostealing malware, malicious software that runs on a victim's device and harvests saved browser passwords, session cookies, and keystrokes, then exfiltrates them to the operator. Infostealers let cybercriminals automate credential collection at scale, which is why collections of this size keep appearing.

In the roughly one month between Fowler's first notification and the takedown, the database kept growing, accumulating additional logins for a wide variety of services. He has chosen not to name the hosting provider, but indicated that the database was hosted by an affiliate of that provider based in Canada, an illustration of how many parties can sit between an exposed dataset and whoever is responsible for it.

Fowler described the database as a “wish list” for criminals because of the range of credentials it contained. He noted that it was structured for efficient searching, so that credentials for a particular service or type of account could be pulled out quickly. That layout suits buyers who want a specific subset of the data, such as logins for one platform to feed into credential-stuffing or account-takeover attempts.

Among the credentials found, notable counts included approximately four million Yahoo accounts, 1.5 million Microsoft Outlook entries, 900,000 Apple iCloud logins, and 1.4 million academic “.edu” accounts. Other platforms, such as TikTok, OnlyFans, and Netflix, were also represented, with hundreds of thousands of logins each, all in a readily searchable format.
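The per-service counts above, and the "searchable by service" structure Fowler describes, are what a defender reproduces when triaging a dump like this for their own users. The following Python is an added example written for this page, not Fowler's tooling and not the database's actual schema: it assumes the common stealer-log export layout of one `url:login:password` record per line (an assumption, since the article does not describe the format), uses a small constructed sample with no real accounts, and shows how to count credentials per service and per login domain, pull out one organisation's accounts, and detect password reuse across services using a truncated hash rather than ever copying the plaintext into a report.

```python
"""Triage a credential dump of the kind described above.

Added example for this page; assumes the widespread 'url:login:password'
stealer-log layout, which the article does not confirm for this database.
"""
import hashlib
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample: no real accounts or passwords. The last line is deliberately
# malformed to show that dumps are never clean.
SAMPLE_DUMP = """\
https://accounts.google.com/signin:alice@gmail.com:Summer2024!
https://www.facebook.com/login:bob.k:hunter2
https://accounts.binance.com/en/login:carol@example.edu:P@ssw0rd
mail.yahoo.com:dave@yahoo.com:letmein
https://login.live.com/:erin@outlook.com:Winter!23
https://portal.example.edu/login:frank@example.edu:qwe:rty
https://www.netflix.com/login:alice@gmail.com:Summer2024!
this line is malformed
"""

# Assumed host-to-service mapping for the sample; extend as needed.
SERVICE_BY_HOST = {
    "accounts.google.com": "Gmail/Google",
    "www.facebook.com": "Facebook",
    "accounts.binance.com": "Binance",
    "mail.yahoo.com": "Yahoo",
    "login.live.com": "Microsoft Outlook",
    "www.netflix.com": "Netflix",
}

# The URL contains ':' and the password may too, so the record is split by
# shape: scheme-optional URL, then a login with no ':', then the remainder.
RECORD_RE = re.compile(
    r"^(?P<url>(?:[a-z]+://)?[^/:\s]+(?::\d+)?(?:/[^\s:]*)?)"
    r":(?P<login>[^:\s]+)"
    r":(?P<password>.+)$"
)


def service_of(url):
    """Map a login URL to a service label, falling back to the last two DNS labels."""
    host = (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    if host in SERVICE_BY_HOST:
        return SERVICE_BY_HOST[host]
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def fingerprint(password):
    """Truncated SHA-256: enough to correlate reuse, never stored as a credential."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def parse_dump(text):
    """Return (records, malformed_count); plaintext passwords are dropped on parse."""
    records, malformed = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RECORD_RE.match(line)
        if not m:
            malformed += 1
            continue
        records.append({
            "service": service_of(m["url"]),
            "login": m["login"].lower(),
            "pw_fp": fingerprint(m["password"]),
        })
    return records, malformed


def count_by_service(records):
    """Per-platform totals, the way the article's Gmail/Facebook/Binance counts are derived."""
    return Counter(r["service"] for r in records)


def count_logins_with_suffix(records, suffix):
    """Counts by login domain rather than service, e.g. the '.edu' figure."""
    return sum(1 for r in records if r["login"].endswith(suffix))


def accounts_for_domain(records, domain):
    """Which of one organisation's users appear, where, with a fingerprint to
    match against the IdP; the plaintext never reaches a ticket or e-mail."""
    return sorted(
        (r["service"], r["login"], r["pw_fp"])
        for r in records if r["login"].endswith("@" + domain)
    )


def reused_passwords(records):
    """Group (service, login) pairs sharing a password fingerprint: reuse across sites."""
    by_fp = defaultdict(set)
    for r in records:
        by_fp[r["pw_fp"]].add((r["service"], r["login"]))
    return {fp: sorted(v) for fp, v in by_fp.items() if len(v) > 1}


if __name__ == "__main__":
    recs, bad = parse_dump(SAMPLE_DUMP)
    print(f"{len(recs)} records, {bad} malformed")
    print(count_by_service(recs).most_common())
    print(".edu logins:", count_logins_with_suffix(recs, ".edu"))
    print("example.edu exposure:", accounts_for_domain(recs, "example.edu"))
    print("reuse groups:", reused_passwords(recs))
```

The fingerprint is a deliberate trade-off: an unsalted truncated hash is useless as a stored credential but is enough to tell an identity team "this user's current password matches a dump entry" by hashing on their side, and to see reuse like the constructed `alice@gmail.com` entry that appears on two services with one password.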

This incident exemplifies a troubling trend of unsecured databases exposing sensitive information to anyone who finds them. Infostealers sold as ready-made kits have lowered the barrier to entry for cybercrime: an operator needs little skill to collect and resell vast quantities of personal data.

According to threat intelligence analysts, the continued availability of such infrastructure to cybercriminals raises the stakes for businesses and consumers alike. As data brokers and malicious actors accumulate ever larger credential collections, the likelihood that a given account is exposed grows, and organizations should assume some of their users' passwords are already circulating. In MITRE ATT&CK terms the pipeline behind such a collection runs from Initial Access (a user executing the stealer) through Credential Access (harvesting stored browser passwords and keystrokes) to Exfiltration; many stealers harvest everything in a single run and never need persistence, which is why detection that waits for a foothold to be established can miss them entirely.