“The publicly accessible database was not password-protected or encrypted,” Jeremiah Fowler said, adding that the database of unique logins and passwords amounted to “a massive 96 GB of raw credentials.”
According to cybersecurity researcher Jeremiah Fowler, who discovered the leak and published a report with his findings, the database contained a total of 149,404,754 unique logins and passwords.
It should be noted that This is not a new security breach services concerned. Most likely, it is a database composed of information from previous leaks and infostealer malware logs.
Here are the numbers given by Fowler, arranged by scale: :
- Gmail — 48 million
- Facebook — 17 million
- Instagram — 6.5 million
- Yahoo — 4 million
- Netflix — 3.4 million
- Outlook — 1.5 million\
Read also: Huge Apple Password Leak. 16 billion data for Apple ID, Gmail and Facebook at risk
What to do after a data leak?
Still, all users of Gmail – and other web services, as this database makes it clear that this isn't just a Google account problem – should take the following actions immediately: :
- make sure they do not use the same passwords on different websites,
- if possible, switch to logging in using access keys,
- enable secure two-factor authentication (2FA) to protect your accounts.
Forbes notes that although it is not known for certain whether this was a database used by cybercriminals, this seems to be the most likely reason for its existence. It is possible that it was collected for “legitimate research purposes”, however extremely lax access security make you doubt it.
What is certain, however, is that, as Fowler said, “the number of records increased from the moment I discovered the database until it was restricted and no longer available to the public.” This means that it wasn't a long abandoned projectbut active and constantly developed data set.
