Infostealer malware suspected in major username and password leak
A public database containing over 184 million login credentials was found unprotected, likely harvested by infostealer malware, researchers say.
Cybersecurity researcher Jeremiah Fowler reported discovering a publicly accessible, unprotected database containing more than 184 million login credentials from services including Facebook, Instagram, Microsoft, Roblox, Snapchat, and many others.
Wired noted that the leak also included data from Apple, Amazon, Nintendo, Spotify, Twitter, Yahoo, banks, healthcare providers, and government portals.
Fowler was unable to determine the database’s origin, its intended purpose, or how long it remained exposed. After reporting it to the hosting provider, access was restricted.
He verified the data’s authenticity by contacting individuals using emails listed in the database and identifying himself as a researcher.
Fowler suspects the data was collected using infostealer malware, which targets credentials stored in browsers, email clients, and messaging apps. Cybercriminals may distribute such malware through phishing attacks, malicious links, or cracked software.
To avoid these threats, users are advised to scrutinize links in emails and messages, confirm website URLs before visiting, and avoid downloading software from unverified sources.
Apple users should rely on the Mac App Store or reputable developers’ websites. Promptly installing OS and app updates is also essential for staying secure.
Fowler’s discovery highlights the persistent threat of infostealer malware and the need for users to remain vigilant when interacting online.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!