Latest news with #JeremiahFowler
Hindustan Times
12 hours ago
- Hindustan Times
Over 184M passwords from Apple, Google, Facebook, Microsoft exposed in massive leak
A recent discovery has exposed a vast number of passwords and sensitive data from major online platforms. Cybersecurity expert Jeremiah Fowler uncovered an unsecured database containing more than 184 million passwords along with email addresses and authorisation links online. The leaked information involved popular services such as Apple, Google, Facebook, Microsoft, Instagram, and Snapchat. The exposed data goes beyond just passwords. It includes login details for banks, financial institutions, health services, and government portals. Unlike typical databases that protect such information through encryption, this database was stored as a plain text file, making the information easily accessible to anyone who found it online, The Indian Express reported. Also read: Microsoft launches Xbox Copilot beta on Android app to assist gamers with real-time support Fowler's investigation suggests that the data may have been collected using infostealing malware. This type of malicious software, such as Lumma Stealer, collects usernames, passwords, credit card details, and other sensitive information from compromised systems. The stolen data is often sold on the dark web to cybercriminals. Upon finding the unsecured file, Fowler notified the hosting provider responsible for storing the database. The hosting company quickly restricted public access to the file, but it declined to provide information about the owner. To verify the authenticity of the leak, Fowler reached out to several individuals whose details appeared in the database. They confirmed that their credentials had indeed been exposed. Also read: Uber users can now book Delhi Metro tickets within the app: Here's how to do it Experts warn that individuals who reuse the same password and username across multiple platforms face higher risks. Once cybercriminals access one account, they can exploit personal data for identity theft, fraud, and scams. The breach also included business accounts, which put company records and operations at risk. Threat actors could use such information to steal business data, conduct espionage, or launch ransomware attacks. The leak even contained login details for certain government services and private conversations. Also read: PlayStation Days of Play Sale: Spider-Man 2, God of War Ragnarök, and more games get big price cuts While no method guarantees full protection against data breaches, experts advise using strong, unique passwords and changing them regularly. Multi-factor authentication adds an extra layer of security. Additionally, Google offers a free tool to check if your credentials have appeared in data leaks online. Users should remain vigilant and update their security practices to reduce the impact of such incidents.
Yahoo
16 hours ago
- Business
- Yahoo
184M passwords for Google, Apple and more exposed in major data breach
The Brief A cybersecurity researcher found a mysterious database that was publicly exposed and included more than 184 million passwords. The login information and passwords included Google, Apple, Microsoft products, Facebook, Instagram, Snapchat, Roblox, and "many more." Some of the passwords were linked to government portals that could "put exposed individuals at serious risk," he said. More than 184 million passwords and other login information – including Google, Apple and government accounts – were exposed through a mysterious, publicly exposed database that has since been taken offline. In a recent blog post, Jeremiah Fowler, a longtime cybersecurity researcher, said the database wasn't password-protected or encrypted, and it had 184.2 million logins and passwords – more than 47 Gigabytes of raw data. What we know Fowler believes the exposed data may have been obtained by using a type of "infostealer malware," a malicious software that can infect a system and extract sensitive information, like the kind stored in web browsers, email accounts and messaging apps. RELATED: Medusa ransomware: CISA issues email security warning The database is hosted by World Host Group, a company that manages operating systems for more than 2 million websites, according to Wired. But this mysterious trove of logins and other personal information is "an unmanaged server" fully controlled by a fraudulent user, the company said. What we don't know Fowler hasn't confirmed exactly how the data was collected, but he says there's a lot of evidence pointing to the info-stealing malware. Cybercriminals often deploy the malware through phishing emails, malicious websites or cracked software, he said. The stolen data is typically shared on the dark web and Telegram channels or used to commit fraud, identity theft or more cyber attacks. What they're saying "The database contained login and password credentials for a wide range of services, applications, and accounts, including email providers, Microsoft products, Facebook, Instagram, Snapchat, Roblox, and many more," Fowler wrote. "I also saw credentials for bank and financial accounts, health platforms, and government portals from numerous countries that could put exposed individuals at significant risk." Why you should care Fowler said millions of people keep years' worth of sensitive information in their email accounts – including tax documents, medical records, passwords and more. If cybercriminals have access, you are at risk of having your data stolen. What you can do Fowler recommends keeping track of which sensitive data is stored in your email account and deleting emails that contain important files. He said to use an encrypted cloud storage method instead of email if you have to share personal information. If you're still using the same passwords on multiple accounts and devices, you're making it easier for cybercriminals to gain unauthorized access by using automated scripts to try login and password combinations for thousands of websites. "Even if one account is still active and they gain unauthorized access, it could create serious security risks and open the door to a wide range of potential attacks," Fowler wrote. Read his full blog on Website Planet here. The Source This report includes information from Jeremiah Fowler's post on Website Planet.
CNET
a day ago
- Business
- CNET
184 Million Passwords Leaked for Google, Facebook, Instagram and More. How to Protect Your Accounts
You might have seen the news of a database leak containing 184 million passwords tied to accounts from Microsoft, Google, Facebook, Instagram, Roblox and other organizations. The report by cybersecurity researcher Jeremiah Fowler on Website Planet says login credentials for bank and financial accounts, health platforms and government portals from numerous countries were also exposed. The data was left unprotected by an unknown database owner and then accessed by cybercriminals via infostealer malware. Although the database has been removed from public access, the damage is seemingly done. So what should you do if you think any of your login credential data was compromised? A percentage of the login credentials in the 47.42GB file are likely outdated. But some passwords and usernames may still be active. In fact, Fowler wrote in his post that he emailed multiple people whose information was in the database and they confirmed the emails and passwords were still in use. How can I protect myself from this data leak? If you think you were impacted by the bad actors who accessed this database, here are a few steps you should take as soon as possible to limit the potential damage. Change your password It's good to get in the habit of changing your passwords regularly. Your new passwords should be unique from other accounts. This thwarts a cybercriminal's ability to take over several of your accounts by using the same exposed login credentials. Keep in mind that the longer the password is the better, because it'll make it harder for bad actors to crack. Start with account passwords we know may have been impacted in this data leak like, Instagram, Facebook, Google or Roblox. From there you can update other passwords to sensitive accounts you haven't updated in the past year. Consider a password manager If keeping track of all your different passwords is too cumbersome, you can sign up for a password manager. CNET recommends Bitwarden. Password managers create unique passwords for every online account you create and will scan the dark web for any compromised passwords. They even guard against phishing attacks by not autofilling passwords on suspicious websites. Turn on two-factor authentication You should turn on two-factor authentication for every online account you have. When a bad actor attempts to log into your account, you will receive a text message or email with a code to verify it's you logging in from a new device. Be aware of phishing attacks Cybercriminals will use stolen data to target potential victims via phishing attacks. These can occur over phone, text, email and even direct messages on social media. Do not click on any suspicious links, download files or scan QR codes from unknown sources. You can't stop your data from being compromised in a leak or breach, but identity theft protection can monitor your information on the dark web and alert you if something is awry. Aura Aura CNET's best overall identity theft protection service Protect your personal data and get peace of mind with CNET's top pick for identity theft software.
Indian Express
a day ago
- Indian Express
Over 184 million passwords from Apple, Google, Facebook, and Microsoft leaked online, claims researcher
More than 184 million passwords may have been compromised in a new massive data leak. According to cybersecurity researcher Jeremiah Fowler, who first discovered and reported the massive data breach, an unsecured database that contained millions of emails, passwords and authorisation URLs for apps and websites, including Apple, Google, Facebook, Microsoft, Instagram, Snapchat and others, was found online. While passwords can be changed, what's more concerning is that the database also included sensitive information like login credentials for banks and financial accounts as well as those used to log in to health platforms and government portals. Moreover, unlike most databases, which encrypt sensitive information to prevent it from going into the wrong hands, this database was in the form of a plain, unencrypted text file. On further analysis, Fowler came to the conclusion that this data sensitive may have been captured by some sort of infostealing malware. For those unaware, cybercriminals often use infostealing malware like Lumma Stealer to grab sensitive information like usernames, passwords, credit card numbers from breached websites and systems and sell it on the dark web. Fowler says he also contacted the hosting provider storing the plain text file with more than 184 million passwords, after which the service made it inaccessible to the public. But when the security researchers asked about the file owner, the hosting service refused to share details. To see if the database was legitimate, the cybersecurity researchers did say that he emailed several people whose passwords and usernames had been leaked and found out that this exposed sensitive information was indeed real. He also noted that people who use the same username and passwords across services are the ones who are the most vulnerable to such threats. Also, once cybercriminals gain access to your account, they may use your personal information to commit online fraud, identity theft and even run scams. The researchers also said that the unsecured database contained business credentials, which could be used by threat actors to steal business records, conduct corporate espionage and plant ransomware. As it turns out, it also contained login credentials of several government services and people's conversations. While there is no surefire way to protect yourself from data breaches, it is recommended to use strong passwords, frequently change them and use multi-factor authentication whenever possible. Google also offers a free tool that lets you check if your credentials have been leaked on the dark web.
The Irish Sun
2 days ago
- The Irish Sun
Urgent warning as 180 MILLION passwords ‘exposed' including Gmail, Netflix and PayPal accounts in huge data dump
A DATA dump containing more than 180million private login details from popular online services has been uncovered by a security expert. The huge haul reportedly includes credentials and passwords for accounts including Facebook, 2 Login details for platforms like Netflix were reportedly among the data dump Credit: Getty 2 Experts believe cyber criminals used an infostealer malware to obtain all the info Credit: Getty Others range from Roblox and Microsoft, to Apple and Discord. Login information for banks, health platforms and even government portals were also exposed. Cybersecurity researcher Jeremiah Fowler sounded the alarm after finding the publicly exposed database which was not The expert believes the breach may have come about because of common infostealer malware. Read more about passwords Infostealer malware sneakily captures sensitive details from infected systems. They tend to sniff out usernames and passwords stored on things like web browsers, email software or messaging apps. "Many people unknowingly treat their email accounts like free cloud storage and keep years' worth of sensitive documents, such as tax forms, medical records, contracts, and passwords without considering how sensitive they are," Fowler wrote. "This could create serious security and privacy risks if criminals were to gain access to thousands or even millions of email accounts. Most read in Tech "From a cybersecurity perspective, I highly recommend knowing what sensitive information is stored in your email account and regularly deleting old, sensitive emails that contain PII, financial documents or any other important files. "If sensitive files must be shared, I recommend using an encrypted cloud storage solution instead of an email." 6 Essential Safety Tips for Online Shoppers The exposure serves as an important reminder that users must routinely change their passwords. It's not clear how long the database was left for anyone to see, but it's now been taken down. There's also no indication about who may be responsible for the large collection, which had a total of 184,162,718 records. Fowler reported the database to the web hosting platform World Host Group. The company's CEO told "The system has since been shut down. Our legal team is reviewing any information we have that might be relevant for law enforcement." TIME TO TRY PASSKEYS? Here's what security expert Chris Hauk, Consumer Privacy Advocate at Pixel Privacy, told The Sun... 'Passwords are both hard to remember and in most cases, easy to guess. "I would venture to say that most users (especially older users) will reuse passwords, simply because of all of the websites and apps that require sign-ins. "While password managers do help, they are at best, a stopgap measure and do not offer full-ranging security for your login information. "Passkeys offer the advantage of eliminating the need to enter an email address and password to log in. "This is especially handy when users are logging in on an iPhone or Android device. "Passkeys have multiple advantages over passwords. Passkeys cannot be shared or guessed. "Passkeys are unique to the website or app they are created for, so they cannot be used to login elsewhere like a reused password can. "Plus, passkeys cannot be stolen in a data breach, as the passkeys are not stored on the company's servers. "But are instead are a private key stored only on your device, where biometric authentication (like face ID or Touch ID) is required to use the passkey.' Image credit: Getty
