A vast database containing 149 million usernames and passwords has been taken offline following a security alert from researcher Jeremiah Fowler. The compromised information included notable figures, with 48 million accounts linked to Gmail, 17 million to Facebook, and 420,000 to the cryptocurrency platform Binance. Fowler, a longstanding security analyst, revealed that he could not identify the database’s ownership but notified the hosting provider, which subsequently removed the data due to violations of its terms of service.
The trove featured credentials from an extensive range of platforms, including government systems from various nations, consumer banking, credit card logins, and accounts for media streaming services. Fowler suspects that this significant cache was likely compiled through infostealing malware, which infiltrates devices and employs keylogging techniques to capture typed information from unsuspecting users.
As Fowler sought to alert the hosting company, the database continued to expand, accumulating more login credentials over several weeks. While he refrained from disclosing the hosting provider’s identity—due to its global nature and relationships with regional affiliates—he noted that the database was hosted by a Canadian affiliate.
“This is like a dream wish list for criminals, because you have so many different types of credentials,” Fowler stated. The data was organized in a manner that suggested it was intended for easy access and searching, possibly catering to cybercriminals who would pay for specific subsets of the information.
The database’s alarming nature underscores the rising insecurity surrounding publicly accessible databases containing sensitive data. Each day, the number of unsecured data sources on the internet grows, raising alarm about the heightened risk of data breaches. With infostealing malware becoming increasingly accessible, criminals now face a lower barrier to entry for engaging in cybercrime.
Allan Liska, a threat intelligence analyst at Recorded Future, emphasized the worrying trend: “Infostealers create a very low barrier of entry for new criminals,” he said, noting that access to such malicious infrastructure could be rented for less than the cost of a car payment, enabling criminals to gain hundreds of thousands of stolen credentials monthly.
The situation serves as a reminder to individuals and organizations alike about the importance of data security and protective measures against the pervasive threat of cybercrime.