Cybersecurity researcher Jeremiah Fowler has discovered a misconfigured and unprotected database containing over 184 million unique login names and passwords. According to Fowler’s research, shared with Hackread.com, this exposed collection amounted to approximately 47.42 gigabytes of data.
A Massive Data Leak - The database, which lacked password protection or encryption, stored credentials for numerous online services. These included popular email providers, major tech platforms such as Microsoft, and social media sites like Facebook, Instagram, Snapchat, and Roblox.
Worse still, the leak also contained access information for bank accounts, health platforms, and even government portals from various countries, putting unsuspecting individuals at high risk. Fowler confirmed the authenticity of some records by contacting individuals whose emails were found in the database. Several people verified that the listed passwords were indeed accurate and valid.[1]
Cybersecurity researcher Jeremiah Fowler discovered a misconfigured cloud server containing a massive 184 million login credentials, likely collected using infostealer malware.
Upon discovery, Fowler quickly notified the hosting provider, and the database was removed from public access. The database’s IP address pointed to two domain names, one of which appeared to be unregistered. Due to private registration details, the true owner of this data cache remains unknown.
It’s also unclear how long this sensitive information was exposed or if other malicious actors had accessed it before its discovery. Since the hosting provider did not reveal customer details, the purpose of the data collection is unclear, whether for criminal activity or legitimate research with oversight.
Logins & Passwords Stored in the Database (Source: Website Planet)
The Infostealer Connection: From the looks of it, the database belonged to cybercriminals who were collecting data using infostealers and ended up exposing their own database in the process. Infostealers are widely used and effective tools among criminals. In fact, reports have shown that even the US military and FBI have had their systems compromised by infostealers costing as little as $10.
Infostealer malware is specifically designed to secretly collect sensitive information from infected computers, typically targeting login credentials stored in web browsers, email programs, and messaging apps.
Hackread.com’s reporting of the recent coordinated action by Microsoft and Europol to disrupt Lumma Stealer’s infrastructure, which infected over 394,000 Windows computers worldwide, offers a critical insight into the kind of threat highlighted by Fowler’s discovery.
As analysed by Fowler, the data, often raw credentials and URLs for login pages, aligns perfectly with what infostealers like Lumma are designed to steal. Although Fowler could not definitively name the specific malware responsible for the exposed database, the characteristics of the data strongly suggest such a method.
Cybercriminals exposing their own servers is nothing new. Just a few months ago, reports revealed that the well-known ShinyHunters and Nemesis hacking groups collaborated to target and extract data from exposed AWS buckets, only to accidentally leak their own data in the process.
Protection Against InfoStealers - The availability of millions of login details presents a significant advantage for cybercriminals who can exploit them through methods like “credential stuffing attacks” and “account takeovers.” These attacks allow criminals to access personal data, enabling identity theft or financial fraud.
The exposed data can also include business credentials, posing risks of corporate espionage and even sensitive state networks. Knowing an email and an old password can make phishing and social engineering attacks more convincing.
Fowler urges users to stop using their email accounts as cold storage for sensitive documents, regularly update passwords, especially when a breach may have gone unnoticed, use a unique password for every account and never reuse one across accounts, use Two-Factor Authentication (2FA), and enable login notifications or suspicious activity alerts.
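The "suspicious activity alerts" Fowler recommends are, on the defender's side, a matter of telling credential stuffing apart from an ordinary user mistyping a password. The script below is an added example, not code from the article, Fowler or Red Sky Alliance: it runs over a few constructed authentication log lines (the format and the addresses are assumptions) and flags a source address that tries many distinct accounts with mostly failures, listing any account it did get into for review.

```python
import re
from collections import defaultdict

# Constructed sample auth log lines (hypothetical format, not from any real system).
# 198.51.100.7 replays a credential list across six accounts; 203.0.113.5 is one
# user retrying their own password.
SAMPLE_LOG = """\
2025-05-22T10:00:01Z ip=198.51.100.7 user=alice@example.com result=FAIL
2025-05-22T10:00:02Z ip=198.51.100.7 user=bob@example.com result=FAIL
2025-05-22T10:00:02Z ip=198.51.100.7 user=carol@example.com result=FAIL
2025-05-22T10:00:03Z ip=198.51.100.7 user=dave@example.com result=SUCCESS
2025-05-22T10:00:04Z ip=198.51.100.7 user=erin@example.com result=FAIL
2025-05-22T10:00:05Z ip=198.51.100.7 user=frank@example.com result=FAIL
2025-05-22T10:01:00Z ip=203.0.113.5 user=alice@example.com result=FAIL
2025-05-22T10:01:10Z ip=203.0.113.5 user=alice@example.com result=FAIL
2025-05-22T10:01:20Z ip=203.0.113.5 user=alice@example.com result=SUCCESS
"""

LINE_RE = re.compile(r"ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>\S+)")


def parse_lines(text):
    """Yield (ip, user, result) for every line that matches; skip malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("ip"), m.group("user"), m.group("result")


def find_credential_stuffing(text, min_users=5, max_success_ratio=0.5):
    """Return {ip: stats} for sources that tried at least min_users distinct
    accounts with a low success ratio: a leaked list replayed against the login
    page, as opposed to one person retrying one account."""
    per_ip = defaultdict(lambda: {"users": set(), "attempts": 0, "hits": set()})
    for ip, user, result in parse_lines(text):
        s = per_ip[ip]
        s["users"].add(user)
        s["attempts"] += 1
        if result == "SUCCESS":
            s["hits"].add(user)  # stuffed credentials that worked: accounts to lock/notify
    flagged = {}
    for ip, s in per_ip.items():
        ratio = len(s["hits"]) / s["attempts"]
        if len(s["users"]) >= min_users and ratio <= max_success_ratio:
            flagged[ip] = {
                "distinct_users": len(s["users"]),
                "attempts": s["attempts"],
                "success_ratio": ratio,
                "accounts_to_review": sorted(s["hits"]),
            }
    return flagged
```

In production the same counts would be kept per time window rather than over a whole file, and the thresholds tuned to the site's normal traffic.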
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://hackread.com/database-leak-184-million-infostealer-emails-passwords/