Cybersecurity researcher Jeremiah Fowler discovered a data leak containing 149 million logins and passwords. The database was publicly accessible without password protection or encryption, holding 149,404,754 unique credentials totaling 96 GB.
The leaked records contained usernames and passwords from victims worldwide, covering various online services and accounts. These included social media platforms like Facebook, Instagram, TikTok, and X (formerly Twitter), along with dating sites and OnlyFans accounts for both creators and customers.
The researcher found many streaming and entertainment accounts like Netflix, HBOmax, DisneyPlus, and Roblox, along with financial services accounts, crypto wallets, and banking logins.
The presence of .gov credentials from various countries raises concerns. Even if not all government accounts provide access to sensitive systems, any access can be risky depending on the user’s role. Exposed government credentials can lead to spear-phishing, impersonation, or unauthorized entry into networks, posing national security and public safety threats.
Source: https://www.expressvpn.com/
After multiple attempts, the dataset is now inaccessible. The hosting provider refused to provide details about the database's management, leaving it unclear whether it was linked to criminal activity or legitimate research, or why it was publicly exposed.
Potential Risks of Exposed Credentials:
The leak of so many unique logins and passwords poses a serious security threat. Criminals could automate attacks using this data, targeting email, financial services, social network, and business accounts.
How to Protect Your Accounts, Credentials, and Privacy:
The researcher suggested updating the operating system and security software (if installed). If you don’t have security software, install it and scan the device to remove anything that is identified as malicious or flagged as suspicious.