Accessible publicly without the slightest password or the most elementary encryption measure, this Ali Baba Digital cave is full of sensitive information. In total, it was precisely 184,162,718 unique identifiers who were thus at the mercy of the first coming a little curious. “Nothing by examining a limited sample of the documents exposed, I saw thousands of files including e-mail addresses, user names, passwords, as well as URL links allowing access or authenticating on the accounts”details the expert.
The list of services whose access has been compromised gives vertigo: Apple ID, Amazon, Discord, Instagram, Snapchat, Twitter, WordPress, Yahoo … But the most alarming is that this massive leak does not spare much more critical access. We are talking about connection information here for government portals from several nations, banks, various financial institutions, and even health platforms. “I also noticed the presence of identifiers for bank and financial accounts, health platforms, and government portals from many countries, which could expose those concerned at significant risks”with and Garde Jeremiah Fowler.
To ensure the veracity of this explosive data, the researcher did not hesitate to contact certain individuals directly whose information appeared in the base. Their returns were final: passwords were indeed authentic and active. Alerted in the process by the researcher, the web host concerned has promptly restricted access to the server, while keeping, for the time being, the identity of the owner of this dangerous repertoire.
How could such a mass of sensitive data have been raised?
The track favored by Fowler leads straight to “infostealers”. These malware is specifically designed to siphon personal information directly on infected devices. “This type of malware generally targets identifiers saved in web browsers, messaging customers and instant messaging applications,” explains the researcher. Some variants go so far as to steal the automatic entry data, cookies, cryptocurrencies portfolio information – and can even take screenshots or save keyboard strikes ”he specifies. To propagate these cookies, cybercriminals often use proven methods: trapped emails or pirated software truffled with useful loads.
A major concern, underlined with force by the researcher, concerns the compromise of messaging accounts, type Gmail. These can turn into “True data treasures for criminals”. And for good reason, he deplores: “Many people without knowing their email accounts such as free cloud storage and keep years of sensitive documents, such as tax forms, medical records, contracts and passwords, without considering their sensitivity”.
In accordance with his researcher ethics, Jeremiah Fowler says he has not downloaded this database, contenting himself with screenshots for verification purposes. Faced with the magnitude of the threat, he advises users to become aware of the sensitive information that sleeps in their messaging. And add that you have to take the time to “Regularly delete the old sensitive emails containing personal identification information, financial documents or any other important file”.
🟣 To not miss any news on the Geek newspaper, subscribe to Google News and on our WhatsApp. And if you love us, .
