More than 184 million account credentials likely obtained via information-stealing malware attacks have been exposed by an unsecured database potentially owned by malicious actors, Cybernews reports.
Aside from containing usernames and passwords for various Microsoft offerings, email providers, Facebook, Instagram, Roblox, and Snapchat, such a database also included banking, health platform, and government portal credentials from around the world, according to an analysis by cybersecurity researcher Jeremiah Fowler published on Website Planet. "To confirm the authenticity of the data, I messaged multiple email addresses listed in the database and explained that I was investigating a data exposure that may have involved their information. I was able to validate several records as these individuals confirmed that the records contained their accurate and valid passwords," said Fowler, who warned that attackers who gathered the data could still harness it for malicious activity even if the misconfiguration has since been remediated.
Aside from containing usernames and passwords for various Microsoft offerings, email providers, Facebook, Instagram, Roblox, and Snapchat, such a database also included banking, health platform, and government portal credentials from around the world, according to an analysis by cybersecurity researcher Jeremiah Fowler published on Website Planet. "To confirm the authenticity of the data, I messaged multiple email addresses listed in the database and explained that I was investigating a data exposure that may have involved their information. I was able to validate several records as these individuals confirmed that the records contained their accurate and valid passwords," said Fowler, who warned that attackers who gathered the data could still harness it for malicious activity even if the misconfiguration has since been remediated.
