A recent security report has revealed one of the largest data leaks, with the discovery of a criminal database containing approximately 149 million leaked credential records.
The report indicated that approximately 48 million usernames and passwords for Gmail accounts were leaked within the massive database.
This dangerous database remained completely exposed and publicly available for a full month before security researcher Jeremiah Fowler discovered it and notified the relevant authorities to have it removed.
Fowler explained that the database was not protected by any form of security, as it was neither encrypted nor password protected, making it vulnerable to access by anyone.
It was noted that it contained thousands of organized files holding a wide range of sensitive information, including email addresses, usernames, original passwords, and links to the login sites of multiple services.
Initial analysis indicates that all of this data represents records from previous breaches rather than a new attack, with most of it traced back to "infostealer" malware, which collects data from infected devices over time.
According to Fowler, here are the numbers of leaked accounts by service:
48 million Gmail accounts
17 million Facebook accounts
6.5 million Instagram accounts
4 million Yahoo accounts
3.4 million Netflix accounts
1.5 million Outlook accounts
In an official response, Google explained to Forbes: "We are aware of this dataset, which includes some Gmail data. We have automated protection systems that lock suspected accounts and force users to reset their passwords when exposure is detected."
To check if your personal data has been compromised, experts recommend visiting the specialized website "Have I Been Pwned," which offers a free service to detect if your email address has been exposed in any known data breaches. Upon entering your email address, a detailed report appears showing all recorded breaches of that account, specifying the types of data leaked and the dates of these breaches.
If any positive results appear, immediate action should be taken, including changing your passwords, especially if the old password is still in use. It is also advisable to enable two-factor authentication (2FA) on all important accounts, review the alternative email addresses registered for account recovery, and ensure they remain under the legitimate user's control.
This incident underscores once again the importance of sound security practices in digital transactions: password reuse across multiple sites should be avoided, strong and unique passwords should be used for each service, and security software should be updated regularly.
The report also reminds users to be wary of phishing emails, not to click on suspicious links, and to constantly monitor their accounts to detect any unusual activity early on.
