
149M logins exposed in unsecured database, inc 900k Apple accounts

A database containing 149 million account logins has been found sitting unsecured on a cloud service. The records include 900,000 usernames and passwords for Apple accounts.

It was discovered by the same security researcher who found a similar database of 184 million records last year …

Last year’s discovery

Security researcher Jeremiah Fowler last year discovered a massive database of 184 million records sitting unprotected on a web server. These included Apple accounts alongside logins for Facebook, Google, Instagram, Microsoft, and PayPal.

Fowler said the data was likely gathered from infostealers – malware specifically designed to mine devices for personal information. Common methods for deploying infostealers include phishing emails and pirated software.

A new database of 149M logins

Wired reports that the same researcher has now found a similar database of 149M logins.

A database containing 149 million account usernames and passwords—including 48 million for Gmail, 17 million for Facebook, and 420,000 for the cryptocurrency platform Binance—has been removed after a researcher reported the exposure to the hosting provider […]

The trove also contained about 4 million for Yahoo accounts, 1.5 million for Microsoft Outlook, 900,000 for Apple’s iCloud, and 1.4 million for .edu academic and institutional accounts.

Because it was just sitting unprotected on a server, anyone could access and search it using nothing more than a web browser.

As before, Fowler reported the presence of the database to the hosting service, which has now removed it.

9to5Mac’s Take

The problem of infostealers accessing login details for multiple services is only going to grow. As the piece notes, criminals can rent access to both the hardware and software required for as little as $200 a month.

A hacker gaining access to your Apple account could obtain a huge amount of personal data, including access to all of your photos.

Always use a password manager to ensure that you have a unique, strong password for every single website, app, and online service you use. A common tactic used by hackers is to break into a low-security website and then use automated software to try the same login credentials on multiple sites.


Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

