A massive data violation that has exhibited more than 184 million online accounts has been discovered, and experts call stolen information A “cybercriminated dream”.
The Apple Treasure, FacebookAnd Google User names and passwords were found online in a server not managed by Data violation hunter And security researcher Jeremiah Fowler.
The mysterious database contained not only secure connection data for millions of private people, but also had information on stolen accounts linked to several governments around the world.
While looking at a small sample of 10,000 of these stolen accounts, Fowler found 220 email addresses with .GOV domains, connecting them to more than 29 countries, including the United States, the United Kingdom, Australia, Canada,, China,, India,, IsraelAnd Saudi Arabia.
“This is probably one of the strangest that I have found for many years,” Fowler told Wired.
“Regarding the risk factor here, it is much greater than most of the things I find, because it is direct access to individual accounts. This is the work list of dreams of cybercriminated, ”continued the cybersecurity expert.
In total, Fowler discovered 47 gigabytes of data with information sensitive for accounts on various sites, including Instagram, Microsoft, Netflix, Paypal, Roblox and Discord.
The best action to be taken right now is to change your passwords if you are using one of these platforms and also activate two-factor authentication, which adds another safety layer to connect by sending a secure code to your phone or email.
The Trove of Apple, Facebook and Google user names and passwords was found online in a server not managed by the data violation hunter and safety researcher Jeremiah Fowler
Fowler discovered the database in early May when looking for vulnerabilities on the Internet in the main computer networks.
The unprotected database has been managed by World Host Group, a provider of web hosting and domain names founded in 2019.
It operates more than 20 brands worldwide, offering cloud accommodation, domain services and technical support for businesses of all sizes.
Once Fowler has confirmed that the information on display was authentic, he reported the violation of the world reception group, which closed access to the database.
Seb de Lemos, CEO of World Host Group, said Cable: “It seems that a fraudulent user has scored and downloaded the illegal content to his server.”
Fowler said that “the only thing that makes sense” is that violation was the work of a cybercriminated because there is no other way to achieve so much access to information of so many servers around the world.
The way the 184 million accounts found themselves in the open database is always a mystery. There were no identifiable owners and no goal for the connection IDs to be there.
Fowler suspected that the person who collected private data used a malware program called infosteller to compile this list.
All the hackers who have accessed the database before its discovery can use user names and stolen passwords to connect to accounts, potentially stealing personal or money.
They could also have engaged in fraud by carrying out unauthorized transactions or by initiating an identity theft.
The mysterious database contained not only secure connection data for millions of private people, but also had information on stolen accounts linked to several governments around the world
The cybersecurity expert warned that this particular violation also poses a major risk of national security.
The exploitation of government messaging accounts could allow hackers and foreign agents to access sensitive or even top secret systems.
Stolen data could also be used as part of a larger phishing campaign, using a person’s hacked account to obtain private information from other potential victims.
In addition to creating new passwords and activating two-factor authentication, cyber-experts urge anyone who uses these platforms to start monitoring their accounts for suspicious activity.
This includes monitoring emails, banking applications and social media accounts for the changes that you have not made yourself.
Apple, Google and Meta can also consider freezing their credit and activating fraud alerts on their bank accounts.
This will allow them to prevent anyone from using his personal information to open new financial accounts on his behalf.
The best action to be taken right now is to change your passwords if you are using one of these platforms and also activate two -factor authentication
This last discovery of stolen files comes just days after more than a billion Facebook users have stolen their information on the private account in one of the greatest data of social media history.
A cybercrimiral using alias bytebreaker claimed to have Stracted 1.2 billion Facebook files And now sells data on the Dark web.
Scratching or web scratch implies the use of automated tools to collect large amounts of data from websites, similar to the copy and coloring of large -scale information.
Fowler noted that it is unlikely that scratching has been used in this new diagram due to the presence of passwords in clear text in the database.
