
Massive Hack Exposes 184M Passwords from Google and Facebook. Is Your Data Safe?
More than 184 million unique usernames and passwords may have been exposed in a massive data breach and kept in an unprotected, publicly accessible database.
Experts are calling this a “cybercriminal’s dream.”
According to a new report by cybersecurity researcher Jeremiah Fowler, the exposed information includes 184,162,718 unique logins for major email providers like Google and Microsoft, popular social media platforms such as Facebook, Instagram, and Snapchat, and even sensitive accounts related to banks, healthcare, and government services.
Fowler discovered the database, which was ironically neither encrypted nor password-protected.
Fowler believes the data was collected using a type of malware called an “infostealer,” which steals sensitive information directly from users’ devices.
This malware can gather saved passwords, autofill data, cookies, and other private details stored in web browsers and messaging apps.
While Snapchat has stated it has found no signs of a breach on its platform, the full origin of the data is still unclear.
Fowler contacted the hosting provider, which removed the database from public access. However, since the provider wouldn’t disclose who owned the file, it remains unknown whether the database was accidentally exposed or created with harmful intent.
Fowler tested the validity of the data by contacting some of the email addresses listed and confirmed the information was accurate.
He warns that many people unknowingly store sensitive documents like tax forms, medical records, and passwords in their email accounts, which puts them at great risk if hackers gain access.
“Many people unknowingly treat their email accounts like free cloud storage and keep years’ worth of sensitive documents, such as tax forms, medical records, contracts, and passwords without considering how sensitive they are. This could create serious security and privacy risks if criminals were to gain access to thousands or even millions of email accounts,” he wrote.
“From a cybersecurity perspective, I highly recommend knowing what sensitive information is stored in your email account and regularly deleting old, sensitive emails that contain PII, financial documents or any other important files,” he further advised.
“If sensitive files must be shared, I recommend using an encrypted cloud storage solution instead of an email.”
He advises users to regularly clean out sensitive information from their email accounts and to use encrypted cloud storage services when sharing important files.