Database with 184 Million Logins and Passwords Accessible Online with No Password

A security researcher has discovered an unprotected database containing more than 184 million login credentials, likely collected by infostealer malware.

Such databases are exposed are a lot more often than they should be. Some companies might leave them open and exposed by mistake, but this one is very different.

The exposed data consisted of more than 184 million unique login and password combinations, totaling approximately 47 GB of raw, unencrypted information.

Out in the open for anyone to grab

What makes this particularly worrying, aside from the sheer volume of sensitive information in the database, is that it was completely open and available for anyone to grab, with no password protection.

 “The database contained login and password credentials for a wide range of services, applications, and accounts, including email providers, Microsoft products, Facebook, Instagram, Snapchat, Roblox, and many more. I also saw credentials for bank and financial accounts, health platforms, and government portals from numerous countries that could put exposed individuals at significant risk,” explained security researcher Jeremiah Fowler.

Who is it anyway?

The researcher contacted the hosting provider, who was quick to take it down, but they wouldn’t disclose the name of the customer.

This leaves two possible scenarios. The database could be assembled from existing breaches and used for legitimate purposes, but the stored records show signs some type of infostealer malware has gathered them.

The dangers of having your personal information exposed online, especially usernames and passwords, are difficult to quantify.

In the wrong hands, such information can:

• Be used to gain unauthorized access to email, banking, and social media accounts
• Fuel identity theft schemes
• Enable further cyberattacks against individuals and businesses
• Be sold or traded on dark web marketplaces.

Also, market research shows that up to 60% of users reuse their credentials for multiple accounts. Attackers know there’s a good chance that a password present in this leaked database will be useful for other online services as well.

Infostealer malware has become extremely prevalent, and criminals use it in all types of content. For example, we found that attackers are actively trying to infect users who download pirated movies and TV shows.

If you want powerful, all-in-one protection against Infostealer malware and other evolving threats, consider Bitdefender Ultimate Security. With advanced real-time threat detection, anti-tracker technology, secure VPN, password manager, and multi-layer ransomware protection, Bitdefender provides everything you need to stay safe online—across all your devices.