A team of researchers has brought to light the one that is already considered the greatest password filtration in history: more than 16,000 million credentials exposed in totalfrom different previous security gaps and now grouped into a single public database, accessible without any protection.
The collection is housed on open servers and includes User names, passwords, cookies, session tokens and other sensitive data. Among the affected services are such popular platforms such as Google, Apple, Facebook, Amazon, Netflix, Paypal, Microsoft, Telegram, Roblox or Github, as well as government services and email accounts or online banking accounts. For more inri, there are many cases in which the data is accompanied by metadata that allow them to easily link them with specific services.
Unlike other incidents, however, this gap does not respond to a recent cyberattack, but to the consolidation of stolen data in different previous operations, sources indicate. According to experts, most credentials have been extracted through the use of ‘infostealers’, malicious programs that infiltrate victims’ devices to subtract personal information.
Although part of the records could be duplicated, the severity of this filtration lies not only in its volume, but in the fact that many of the data set out are still in force. That is, they are current data. In the words of the researchers, we are faced with a «Model for mass exploitation»Credentials, since information can be used for all types of cybethafs, directed phishing attacks or identity impersonations.
The identity that is not known at the moment is that of the person responsible for the publication, but it is suspected that part of the material could proceed with well -established cybercounts. Be that as it may, the free availability of this information multiplies the risks for both private users and for official companies or organizations, given the level of the event.
It is worth mentioning that although the database includes tickets from around the world, the highest volumes apparently correspond to Lusophones and Russian users, who not Portuguese and Brazilian or merely Russian. Be that as it may, experts warn that this filtration represents an unprecedented threat to global digital security, by gathering in one place millions of potential accesses to critical services. “