A huge database containing 184 million login details—including accounts from Apple, Google, Facebook, and many others—was recently discovered online, as revealed in a report by WIRED. The leak included usernames and plain-text passwords, putting millions of people and dozens of government accounts at risk.
Data included usernames and plain-text passwords from Apple, Google, Facebook. Government accounts from 29 countries were part of the leaked data. The database was likely compiled by hackers using infostealer malware.
WIRED reports that security researcher Jeremiah Fowler discovered the unsecured Elastic database during early May. Fowler described this incident as remarkable because it involved an enormous number of different accounts. “This is probably one of the weirdest ones I’ve found in many years,” he told WIRED. “As far as the risk factor here, this is way bigger than most of the stuff I find, because this is direct access into individual accounts. This is a cybercriminal’s dream working list,” he added. Fowler believes the hackers obtained the data through malware known as an infostealer, which steals login information from compromised computers. “It’s the only thing that makes sense, because I can’t think of any other way you would get that many logins and passwords from so many services all around the world,” Fowler told WIRED. The database operated from World Host Group’s servers. The server operated under fraudulent control until the company shut it down.“Our legal team is reviewing any information we have that might be relevant for law enforcement,” said CEO Seb de Lemos, as reported by WIRED. Though the leak is closed, experts warn the exposed login credentials could already have been stolen and misused for fraud or identity theft.
