Tens of millions of online login credentials have been compromised in a massive data leak, with Gmail users facing the highest risk.
The exposure was uncovered by cybersecurity researcher Jeremiah Fowler, who uncovered a database of 149 million compromised credentials.
‘I saw thousands of files that included emails, usernames, passwords, and the URL links to the login or authorization for the accounts,’ Fowler shared in the report.
The largest batch of stolen credentials was from Gmail, with an estimated 48 million, followed by Facebook with 17 million, 6.5 million were linked to Instagram, four million from Yahoo Mail, Netflix credentials totaled to around 3.4 million and there were 1.5 million from Outlook.
Other notable login information was linked to iCoud, .edu, TikTok, OnlyFans and Binance.
‘The exposed records included usernames and passwords collected from victims around the world, spanning a wide range of commonly used online services and about any type of account imaginable,’ Fowler shared in a blog post.
The database was left openly exposed online, meaning anyone who came across it could access the credentials of millions of people worldwide.
Fowler noted that anyone who suspects their device may be infected with malware should act quickly by updating their operating system, installing or updating security software, and scanning for suspicious or malicious activity.
Users should also review app permissions, settings and installed programs, and only download apps or extensions from official app stores, he added.
The exposed data set included 149 million login credentials, with the most belonging to Gmail users
A Google spokesperson told Daily Mail: ‘We are aware of reports regarding a dataset containing a wide range of credentials, including some from Gmail.
‘This data represents a compilation of ‘infostealer’ logs, credentials harvested from personal devices by third-party malware, that have been aggregated over time.
‘We continuously monitor for this type of external activity and have automated protections in place that lock accounts and force password resets when we identify exposed credentials.’
They also noted that this is not a new breach, but the database pulled existing compromised credentials into one place.
Fowler said he saw a range of social media platforms in the data leak, along with dating sites.
‘I also saw a large number of streaming and entertainment accounts, including Netflix, HBOmax, DisneyPlus, Roblox, and more,’ he shared in the report.
‘Financial services accounts, crypto wallets or trading accounts, banking and credit card logins also appeared in the limited sample of records I reviewed.’
The cybersecurity expert was unable to track down the owner of the database, but was able to suspend the host after one month of work, taking all the credentials offline.
The largest batch of stolen credentials was from Gmail, with an estimated 48 million
‘It is not known how long the database was exposed before I discovered and reported it or others may have gained access to it,’ said Fowler.
‘One disturbing fact is that the number of records increased from the time I discovered the database until it was restricted and no longer available.’
The database appeared to contain information collected by keylogging and ‘infostealer’ malware, which is software that secretly steals usernames and passwords from infected devices.
Unlike similar malware data seen before, this database also recorded extra details about where the stolen information came from. It organized the data using a reverse computer or website name, which helped neatly sort the stolen credentials by victim and source.
This format may also have been used to avoid simple security checks that look for normal website addresses.
Each stolen entry was given a unique digital identifier, making sure no records were duplicated. A limited review confirmed that each record appeared only once.
‘Because the data includes emails, usernames, passwords, and the exact login URLs, criminals could potentially automate credential-stuffing attacks against exposed accounts, including email, financial services, social networks, enterprise systems, and more,’ Fowler said.
‘This dramatically increases the likelihood of fraud, potential identity theft, financial crimes, and phishing campaigns that could appear legitimate because they reference real accounts and services.’
