ESET, a leading proactive threat detection company, analyzes the public exposure of 184 million access credentials (usernames and passwords). The database was publicly accessible, unprotected, and contained a total of 47.42 gigabytes of sensitive information. The exposed records, unprotected and publicly posted, include credentials for email providers, Apple products, Google, Facebook, Instagram, Snapchat and Roblox, among others.
This exposure was revealed by security researcher Jeremiah Fowler, who made it known to WebsitePlanet. Fowler theorizes that this database may be the result of information gathering by infostealer-type malware, which is specifically designed to infect systems and steal sensitive information (usually login credentials such as emails and passwords). The researcher revealed that credentials from banks and other financial institutions, healthcare platforms and government portals in several countries were also found among the records.

“It is not known if the database was used for criminal activities or if this information was collected for legitimate research purposes and then carelessly exposed, but it is not known how long the database was exposed before it was discovered, or if someone else could have accessed it”, says Camilo Gutiérrez Amaya, IT Security Researcher at ESET Latin America.
Although the origin of this data is not entirely clear, ESET reminds us of the importance of being aware of this type of malware, which is on the rise and is a silent threat. The ESET Threat Report for the last half of last year had already shown an increase in the activity of these types of malware.
“This recent leak highlights once again how easy it is for millions of pieces of sensitive information, including emails and passwords, to be accessed by programs designed to steal information. Many people often forget that their personal data can be circulating on the Internet in plain text, without encryption or password protection”, said Jake Moore, Global Security Advisor at ESET.
As a user, you can be exposed to different types of dangers:
- Credential stuffing attacks: If you tend to use the same password for multiple accounts and it is leaked, attackers can take advantage of it through this technique, which tries different combinations of usernames and passwords on different sites.
- Control of an account: With a username and password, an attacker can simply take control of the account and steal an identity to commit scams on behalf of someone else, or access the countless personal documents that in many cases are stored in the email account. All of this information can also be used to build better-crafted phishing and social engineering campaigns, thanks to the personal details obtained.
“Using the email account as cloud storage for important documents with sensitive data, such as tax forms, medical records, contracts and passwords, can generate risks if someone gains access to our accounts, or suffer one of the many leaks that occur periodically”, warns Gutiérrez Amaya.
- Ransomware or espionage attacks: A vulnerable corporate account can be the gateway for this malware and, as in the previous point, attackers can also obtain valuable information hosted on the email server.
“It is advisable to monitor accounts for any suspicious activity across all platforms and consider using a passcode, which acts as a convenient and strong layer of defense designed to help reduce account compromise and identity fraud. We recommend enabling multi-factor authentication on all accounts and avoiding reusing passwords”, Jake says.
Amid a constant stream of increasingly sophisticated cyberattacks, whose tactics you need to follow and stay up to date on, ESET shares simple measures that can be taken and that are important to review again and again:
- Enable two-factor authentication (2FA): This adds an extra step that becomes an effective barrier to prevent unauthorized access to the account if someone gets a password.
- Verify if credentials have been exposed: This can be done using services such as Have I Been Pwned, which let you know if an email address appears in known leaks.
- Monitor account activity and turn on activity notifications: Some platforms allow you to receive alerts for suspicious logins or see where the account is being accessed from.
- Use a password manager: In addition to storing passwords securely, it also improves credential usage habits.
- Install a trusted anti-malware solution: An up-to-date antivirus can detect and remove malware such as infostealers. Solutions such as EDR (endpoint detection and response) identify anomalous behavior on the system.