A staggering data breach has jeopardized tens of millions of online login credentials, with Gmail users being particularly vulnerable. This alarming exposure was brought to light by cybersecurity expert Jeremiah Fowler, who discovered a database containing 149 million compromised accounts.
Fowler, in his detailed report, revealed, “I encountered thousands of files that comprised emails, usernames, passwords, and even URL links to login or authorization pages for these accounts.” Such revelations underscore the pressing need for enhanced digital security measures.
The breach’s most significant impact was felt by Gmail users, with approximately 48 million accounts affected. Following closely were Facebook users, with 17 million compromised accounts. Other notable breaches included Instagram with 6.5 million, Yahoo Mail with four million, and Netflix with around 3.4 million compromised credentials. Additionally, Outlook users saw 1.5 million accounts affected.
Beyond these major platforms, other services such as iCloud, .edu domains, TikTok, OnlyFans, and Binance were also targeted, highlighting the extensive reach of this breach. In a blog post, Fowler emphasized, “The exposed records contained usernames and passwords amassed from victims worldwide, spanning an extensive array of online services and virtually any type of account imaginable.”
This data leak serves as a stark reminder of the pervasive threats lurking in the digital realm, urging users and service providers alike to prioritize cybersecurity vigilance.
‘The exposed records included usernames and passwords collected from victims around the world, spanning a wide range of commonly used online services and about any type of account imaginable,’ Fowler shared in a blog post.
The database was left openly exposed online, meaning anyone who came across it could access the credentials of millions of people worldwide.
Fowler noted that anyone who suspects their device may be infected with malware should act quickly by updating their operating system, installing or updating security software, and scanning for suspicious or malicious activity.
Users should also review app permissions, settings and installed programs, and only download apps or extensions from official app stores, he added.
The exposed data set included 149 million login credentials, with the most belonging to Gmail users
Daily Mail has contacted Google for comment.
A spokesperson told Forbes: ‘We are aware of reports regarding a dataset containing a wide range of credentials, including some from Gmail.
‘This data represents a compilation of ‘infostealer’ logs, credentials harvested from personal devices by third-party malware, that have been aggregated over time.
‘We continuously monitor for this type of external activity and have automated protections in place that lock accounts and force password resets when we identify exposed credentials.’
Fowler said he saw a range of social media platforms in the data leak, along with dating sites.
‘I also saw a large number of streaming and entertainment accounts, including Netflix, HBOmax, DisneyPlus, Roblox, and more,’ he shared in the report.
‘Financial services accounts, crypto wallets or trading accounts, banking and credit card logins also appeared in the limited sample of records I reviewed.’
The cybersecurity expert was unable to track down the owner of the database, but was able to suspend the host after one month of work, taking all the credentials offline.
The largest batch of stolen credentials was from Gmail, with an estimated 48 million
‘It is not known how long the database was exposed before I discovered and reported it or others may have gained access to it,’ said Fowler.
‘One disturbing fact is that the number of records increased from the time I discovered the database until it was restricted and no longer available.’
The database appeared to contain information collected by keylogging and ‘infostealer’ malware, which is software that secretly steals usernames and passwords from infected devices.
Unlike similar malware data seen before, this database also recorded extra details about where the stolen information came from. It organized the data using a reverse computer or website name, which helped neatly sort the stolen credentials by victim and source.
This format may also have been used to avoid simple security checks that look for normal website addresses.
Each stolen entry was given a unique digital identifier, making sure no records were duplicated. A limited review confirmed that each record appeared only once.
‘Because the data includes emails, usernames, passwords, and the exact login URLs, criminals could potentially automate credential-stuffing attacks against exposed accounts, including email, financial services, social networks, enterprise systems, and more,’ Fowler said.
‘This dramatically increases the likelihood of fraud, potential identity theft, financial crimes, and phishing campaigns that could appear legitimate because they reference real accounts and services.’
