Apple logins with plain text passwords found in massive database of 184M records


Apple login credentials were among a massive database of 184 million records found sitting unprotected on a web server. Other logins included Facebook, Google, Instagram, Microsoft, and PayPal.

The owner of the database is unclear, but the security researcher who discovered it says that it amounts to “a cybercriminal’s dream working list” …

Jeremiah Fowler said that the database itself was not protected in any way, and was simply sitting on a web hosting server. It includes logins for various government portals, as well as banks and other financial service companies.

The publicly exposed database was not password-protected or encrypted. It contained 184,162,718 unique logins and passwords, totaling a massive 47.42 GB of raw credential data.

In a limited sampling of the exposed documents, I saw thousands of files that included emails, usernames, passwords, and the URL links to the login or authorization for the accounts. The database contained login and password credentials for a wide range of services, applications, and accounts […]

I also saw credentials for bank and financial accounts, health platforms, and government portals from numerous countries that could put exposed individuals at significant risk.

The list of credentials included Apple IDs. The database is so large that Fowler hasn’t been able to identify every service it includes, but among them are logins for:

  • Apple
  • Amazon
  • Discord
  • Facebook
  • Google
  • Instagram
  • Microsoft
  • PayPal
  • Snapchat
  • Twitter
  • WordPress
  • Yahoo

He was able to verify the authenticity of the personal data by emailing some of those whose records were included and confirming that the passwords included were genuine.

He contacted the web hosting company to report it, and they restricted access to it but would not confirm details of the owner of the account.

Fowler believes that the data was likely gathered from infostealers – malware specifically designed to mine devices for personal information.

The records exhibit multiple signs that the exposed data was harvested by some type of infostealer malware […] This malware usually targets credentials (like usernames and passwords) stored in web browsers, email clients, and messaging apps. Some variants of the malware can also steal autofill data, cookies, and crypto wallet information — some can even capture screenshots or log keystrokes.

Common methods for deploying infostealers include phishing emails and pirated software.

One specific danger is criminals using phishing attacks to gain access to email accounts, like Gmail. This can be an absolute treasure trove of data for criminals.

Many people unknowingly treat their email accounts like free cloud storage and keep years’ worth of sensitive documents, such as tax forms, medical records, contracts, and passwords without considering how sensitive they are. This could create serious security and privacy risks if criminals were to gain access to thousands or even millions of email accounts.

From a cybersecurity perspective, I highly recommend knowing what sensitive information is stored in your email account and regularly deleting old, sensitive emails that contain PII, financial documents or any other important files.

Fowler said that as an ethical researcher, he did not download the database, and instead sampled it using screenshots for the purposes of contacting victims to confirm details.


Photo by Benjamin Lehman on Unsplash
