A naukri.com initiative
Siliconangle
3d
289
Image Credit: Siliconangle
Security researchers find 16B stolen credentials from malware in open cloud storage
- Security researchers at Cybernews have discovered 16 billion stolen login credentials from about 30 different datasets, mainly comprised of data harvested by infostealer malware.
- The credentials were found exposed in unsecured cloud storage instances and Elasticsearch repositories, not stemming from a single major data breach.
- The data likely includes duplicate entries and reused passwords, impacting a substantial but smaller number of unique individuals.
- The freshness of the harvested credentials poses a significant threat, as they are likely still valid for cyberattacks like credential stuffing and phishing.
- These credentials were obtained from compromised devices infected with malware via phishing emails, malicious downloads, or cracked software.
- Unlike traditional breaches, these credentials did not come from direct compromises of major platforms but from infected users whose data was exposed in insecure storage.
- Although the 16 billion records are worrying, they are different from the largest known breach 'Mother of All Breaches' disclosed in early 2024, which contained over 26 billion records in one dataset.
- While the new credentials are of smaller absolute numbers and not in one dataset, their recency and organization make them particularly dangerous for cyberattacks.
- The well-organized and tailored data structure enables immediate use in cybercriminal activities, raising concerns for widespread account takeovers.
- The exposed databases were removed after Cybernews reported them, but the data might have been downloaded and redistributed by others during the exposure period.
- The discovery highlights the potential for attackers to exploit cloud services and SaaS platforms, bypassing traditional security measures with ease.
Read Full Article
17 Likes
For uninterrupted reading, download the app