Security Alert: 149 Million IDs And Passwords For Gmail, Facebook, And Binance Leak Online—Know How To Remain Safe

A massive database having usernames and passwords of more than 149 million users has been taken offline after a security researcher flagged it to the company hosting it. The databases include login details linked to major companies such as Gmail, Facebook, and the cryptocurrency platform Binance, as reported by WIRED. 

Jeremiah Fowler, who is a longtime security analyst, discovered the database. Fower regularly tracks exposed data online; he said that he could not identify who owned or controlled the database. He contacted the hosting provider after confirming that the data is publicly accessible, which eventually removed the data for violating its terms of service. 

The database includes 48 million Gmail logins, 17 million Facebook credentials, and about 4,20,000 Binance login details. The database also includes millions of usernames and passwords linked to other services which consist of Yahoo, Microsoft Outlook, Apple iCloud, Netflix, TikTok and even academic and government systems from multiple countries. 

The major concern regarding the database was that it was easy to access. Fowler claimed that the information could be viewed and searched using a simple web browser. The database does not have any password or protection safeguarding the data. 

He believes the database was hopefully created using “infostealer” malware which infects the computer and records what people type, including usernames and passwords. The stolen information using the malicious software is then sent back to whoever controls the malware 

Jeremiah Fowler was trying to get the database taken down, but this process took almost a month while the data kept growing. The new login details were getting added continuously, which showcases that the system was actively collecting information. However, he was unable to identify who was using the information. The structure of database indicates that it could be used to sell specific sets of login details to cybercriminal running different kinds of scams.

How To Remain Safe

The users should keep their password strong and unique despite of having common passwords such as date of birth and not to click any unknown link even it is sent through a trusted medium and not to install any software or application from third party websites.

Also Read: Will India Revoke TikTok Ban After US Deal? Chinese Control Ends As American Investors Take Charge