Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
www.wired.com

... A trove of breached data, which has now been taken down, includes user logins for platforms including Apple, Google, and Meta. Among the exposed accounts are ones linked to dozens of governments. ...

The possibility that data could be inadvertently exposed in a misconfigured or otherwise unsecured database is a longtime privacy nightmare that has been difficult to fully address. But the new discovery of a massive trove of 184 million records -- including Apple, Facebook, and Google logins and credentials for accounts connected to multiple governments -- underscores the risks of recklessly compiling sensitive information in a repository that could become a single point of failure.

In early May, longtime data-breach hunter and security researcher Jeremiah Fowler discovered an exposed Elastic database containing 184,162,718 records across more than 47 GB of data. Typically, Fowler says, he is able to gather clues about who controls an exposed database from its contents"details about the organization, data related to its customers or employees, or other indicators that suggest why the data is being collected. This database, however, didn't include any clues about who owns the data or where it may have been gathered from. ...

Suspected InfoStealer Malware Data Breach Exposed 184 Million Logins and Passwords
www.websiteplanet.com

... Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained 184 million login and password credentials. ...

The publicly exposed database was not password-protected or encrypted. It contained 184,162,718 unique logins and passwords, totaling a massive 47.42 GB of raw credential data. In a limited sampling of the exposed documents, I saw thousands of files that included emails, usernames, passwords, and the URL links to the login or authorization for the accounts. The database contained login and password credentials for a wide range of services, applications, and accounts, including email providers, Microsoft products, Facebook, Instagram, Snapchat, Roblox, and many more. I also saw credentials for bank and financial accounts, health platforms, and government portals from numerous countries that could put exposed individuals at significant risk.

The IP address indicated that the database was connected to two domain names. One domain is parked and not available while the other appears to be unregistered and available to purchase. The Whois registration is private, and there seemed to be no verifiable method to identify the real owner of the database containing potentially illegal data. So, I immediately sent a responsible disclosure notice to the hosting provider, and the database was restricted from public access soon after.

The hosting provider would not disclose their customer's information, so it is not known if the database was used for criminal activity or if this information was gathered for legitimate research purposes and subsequently exposed due to oversight. It is also not known how long the database was exposed before I discovered it or if anyone else may have gained access to it.

The records exhibit multiple signs that the exposed data was harvested by some type of infostealer malware. ...