Your account may be in the leak: 15 crore passwords exposed, 96GB of data left open on the internet
A very serious cybersecurity incident has come to light: more than 15 crore (149 million) unique usernames and passwords were found openly exposed on the internet. Surprisingly, this data was not obtained through any major hack. It sat in an open database with no password protection or encryption, which anyone could access.
This huge data leak was revealed by cybersecurity researcher Jeremiah Fowler, who shared the discovery through ExpressVPN. According to the report, the database contained about 96GB of raw credential data.
Which apps and services had accounts leaked?
The leak included logins for almost every major online platform. It affected social media platforms like Facebook, Instagram, TikTok, and X (formerly Twitter), as well as dating apps, OnlyFans, and many other services.
Streaming and entertainment services were not spared either. According to the report, accounts on platforms like Netflix, HBO Max, Disney Plus and Roblox have also been leaked.
Among email services, the data included about 4.8 crore Gmail, 40 lakh Yahoo, and 15 lakh Outlook accounts. Apart from this, credentials for 4.2 lakh Binance accounts, banking logins, crypto wallets and even government (.gov) domains were also found in this leak.
How did the data get leaked?
According to Fowler, this data was collected through infostealer malware. This is a dangerous type of malware that silently enters a device, steals usernames and passwords, and then stores them in a cloud database.
Is this data still online?
The researcher said that he had informed the hosting provider, but the database was suspended only after about a month. During this period the amount of data kept increasing, which clearly shows that the malware was continuously adding new credentials.
What should users do?
If you use Gmail, Facebook, Netflix or any other online service, change your password immediately, turn on two-factor authentication (2FA), and keep an eye out for any suspicious activity. This incident once again proves how costly negligence in digital security can be.