Search
Get in Touch
News

Huge data leak of 149 million credentials exposed without any protection – 98GB of unique usernames and passwords from financial services, social media accounts and dating apps

TechRadar
TechRadar
  • Enormous trove of 149 million credentials exposed online
  • Included usernames and passwords for banking, social media, and .gov accounts
  • It isn’t known how long the database was exposed for, but it has now been taken down

Cybersecurity researcher Jeremiah Fowler (via ExpressVPN) has once again uncovered a huge publicly accessible trove of data.

The massive container of unique usernames and passwords was exposed on the web without any password or encryption protection.

The data contained over 149 million combinations of usernames and passwords totalling around 98 gigabytes of credentials spanning online accounts of almost every kind.

149,000,000 credentials exposed

The credentials found within the container covered financial services including cryptocurrency wallets, trading accounts, and banking account details. Social media and dating app credentials were also included in the database.

Outside of personal accounts, a number of email accounts using the .gov domain were found within the container.

Very little is known about the origin of the exposed cloud storage container, but Fowler notes that traces of infostealer and keylogging malware was present in the database. Upon discovery, Fowler attempted to trace the owners of the account, but was unable to find any associated information.

Instead, Fowler attempted to contact the hosting provider who said that the container was being hosted by a subsidiary operating independently. It took almost one month to have the container taken down, Fowler notes.

The total count and overall size of the exposed cloud storage container discovered by Fowler.

The total count and overall size of the exposed cloud storage container discovered by Fowler. (Image credit: Jeremiah Fowler)

Interestingly, the credentials stored within the database were indexed in such a way as to make them easily searchable using the “host_reversed path”, meaning that the database could have been the work of an organized hacker, or may have been a research database.

A database of this size and scope could be used for highly nefarious purposes, such as spear-phishing, banking and credit fraud, and even identity theft. It is not currently known how long the database was left exposed.

The best password managers are one of the top ways to keep your credentials safe from being stolen. Many password managers store your usernames and passwords in an encrypted vault using two-factor authentication, and will scour the dark web to check if any of your credentials have been exposed.

Read more @ TechRadar

Previous article
Who is Devon Pritchard? Nintendo of America’s new president makes first industry appearance since stepping into the role
Next article
Custom-made ‘vishing’ kits are attacking SSO accounts across the world – Google, Microsoft and Okta under threat, here’s what we know
TechRadar
TechRadar

Latest posts

Valve’s Steam Deck OLED will be ‘intermittently’ out of stock because of the RAM crisis

The Verge - 0
Valve has updated the Steam Deck website to say that the Steam Deck OLED may be out of stock "intermittently in some regions due...

This is the first PCIe 6.0 SSD you can actually buy and by ‘you’ I mean hyperscalers — Micron 9650 can reach 28GBps read...

TechRadar - 0
Read more @ TechRadar

What is the release date for The Pitt season 2 episode 7 on HBO Max?

TechRadar - 0
Read more @ TechRadar

I’ve spent months tracking AI personalities like Twitch streamer Neuro-sama and it feels like acceptance — but I think we’re reading it wrong

TechRadar - 0
Read more @ TechRadar

Apple starts testing end-to-end encrypted RCS messages on iPhone

The Verge - 0
iPhone 17 Pro Apple is starting to test end-to-end encrypted (E2EE) RCS messages with the developer beta of iOS 26.4 released Monday. Apple announced plans...

Call of Duty: Warzone Mobile will go offline on April 17

Engadget - 0
Call of Duty: Warzone Mobile will be no more this spring. According to Activision, servers will be taken offline for this mobile battle royale...

More Rode mics can now connect directly to iPhones and iPads

Engadget - 0
Rode is rolling out a firmware update for its Wireless Pro and Wireless Go (third-gen) microphones to add a feature called Direct Connect, which...

There’s a dedicated channel for Formula 1 in the Apple TV app now

Engadget - 0
Apple continues to double down on its Formula 1 programming, following up on the box office success of its blockbuster movie by adding a...

These are the trendiest kind of camera straps this Presidents’ Day, but there’s a catch

TechRadar - 0
Read more @ TechRadar

Toyota says it’s going all-in on battery electric cars with four new battery models, but is it too late?

TechRadar - 0
Read more @ TechRadar

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!

The AIVAnet is a collector and classifier of app news articles and online technology news, which works automatically by collecting and collating the RSS feeds from popular sites (IOS news feed,latest tablet news, etc.).

The articles deal with mobile app reviews, especially with android reviews, and IOS. One of the central thematic axes is also the comparisons. You can find articles with tablet reviews, comparisons and mobile OS systems or mobile OS stats.

We also provide some of the most popular app news express, for android and IOS or windows phone. The online technology news that you can find in our pages are just opinions and ideology, allowing you to see how different news agencies present the same news.

AIVAnet is supported by Cloud Services Store

About Us

© AIVAnet | All rights reserved