Over 149 million account credentials from various internet platforms, including Gmail, Instagram, Facebook, and Netflix, have reportedly been leaked. This information comes from a report by ExpressVPN, authored by cybersecurity expert Jeremiah Fowler. The exposed data includes 48 million Gmail accounts, 4 million Yahoo accounts, 17 million Facebook accounts, 6.5 million Instagram accounts, 3.4 million Netflix accounts, and 1.5 million Outlook accounts.
The database containing these credentials was neither password-protected nor encrypted, making it publicly accessible. It held a staggering 149,404,754 unique logins and passwords, amounting to 96 GB of raw data. Fowler noted that the exposed records included emails, usernames, passwords, and URLs for account login or authorization.
Potential Security Risks
Fowler highlighted that the database’s public accessibility meant anyone who stumbled upon it could potentially access millions of individuals’ credentials. The records spanned a wide range of online services and account types worldwide. Financial services accounts, crypto wallets, trading accounts, and banking logins were also part of the sample reviewed by Fowler.
A significant concern was the presence of credentials linked to .gov domains from various countries. Although not all government-related accounts provide access to sensitive systems, even limited access could have severe consequences depending on the user’s role and permissions.
Implications for Government Accounts
Exposed government credentials could be exploited for targeted spear-phishing or impersonation attacks. They might also serve as entry points into government networks. This increases the risk of national security and public safety threats due to compromised .gov credentials.
The exposure of such a vast number of unique logins and passwords poses a serious security threat to many individuals who may be unaware their information has been compromised. The data includes emails, usernames, passwords, and exact login URLs.
Potential for Fraud and Identity Theft
Criminals could use this information to automate credential-stuffing attacks against exposed accounts across various platforms like email services, financial institutions, social networks, and enterprise systems. This significantly raises the chances of fraud, identity theft, financial crimes, and phishing campaigns that appear legitimate due to referencing real accounts.
Email queries sent to major companies mentioned in the report did not receive immediate responses. The situation underscores the importance of securing personal information online to prevent unauthorized access and potential misuse.
With inputs from PTI
