Privacy "nightmare"

Accidental data leaks from misconfigured or insecure databases are a perennial privacy nightmare.

The discovery of a trove of 184 million records — containing login information for Apple, Facebook, Google, and even accounts linked to multiple governments — has once again raised the alarm about the risks of concentrating large amounts of sensitive information in a single place that could be vulnerable to attack.

In early May, Jeremiah Fowler, a veteran security researcher and data breach hunter, discovered an unprotected Elastic database containing more than 184 million records (47 GB of data).

Mr. Fowler said that it is usually possible to find the owner of a leaked database based on its contents (company information, customer/employee data). However, this database is completely “mysterious,” with no trace of its origin or owner.

Given the sheer volume and variety of credentials, including accounts for multiple online services, this data appears to be a composite collection. It could have been created by data breach researchers, cybercriminals, or stolen directly by credential-stealing malware.

“This is probably one of the strangest cases I’ve ever seen,” said Fowler. “The risk here is much greater than most previous discoveries, as it provides direct access to personal accounts. This is the ‘golden list’ that cybercriminals dream of.”

Alarming details

Each record in this database contains the account type ID, website/service URL, username, and password in plain text (unencrypted).

When analyzing a small sample of 10,000 profiles, Mr. Fowler found hundreds of accounts for popular services like Facebook (479), Google (475), Instagram (240), Roblox (227), Discord (209), along with more than 100 Microsoft, Netflix, and PayPal accounts.

Additionally, the sample contained user login information for Amazon, Apple, Nintendo, Snapchat, Spotify, Twitter, WordPress, Yahoo, and many other platforms. More worryingly, a search for keywords in the sample yielded 187 results related to “bank” and 57 results related to “wallet.”

National security risk

Although he did not download the entire data, Mr. Fowler contacted some of the owners of the exposed emails and received confirmation that the accounts were real. Worse, the leaked data also poses a potential national security risk.

In the sample of 10,000 records alone, there were 220 email addresses with the ".gov" domain, belonging to at least 29 countries, including the US, Australia, Canada, China, India, Israel, New Zealand, Saudi Arabia and the UK.

Unable to determine who created the database or where the login credentials came from, Fowler reported the incident to World Host Group, the company that hosted the database. Access to the data was quickly blocked.

In a statement to WIRED - a famous American magazine - CEO Seb de Lemos of World Host Group, said the company operates systems for more than 2 million websites. However, the CEO affirmed that the database discovered by Fowler was an unmanaged server, with full control over the customer's infrastructure.

"It appears that a fraudulent user registered and uploaded illegal content to the server. The system has been shut down, our legal team is reviewing the information to coordinate with law enforcement and will fully cooperate with the authorities," said the CEO of World Host Group.

While the database was secured and then completely taken down, it’s unclear whether anyone other than Fowler had access to the data while it was exposed. As with any data breach, the main concern is that sensitive information could have been stolen and misused.

In this case, the immediate risk is that the credentials could be used for fraud, additional data theft, or attacks against other organizations.

Mr. Fowler suspects that this data was compiled by cybercriminals using information-stealing software: "It is very likely the work of a cybercriminal. That is the only reasonable explanation, because I can't think of any other way to collect so many logins and passwords from so many services around the world."

Source: https://dantri.com.vn/cong-nghe/ro-ri-co-so-du-lieu-khong-lo-184-trieu-tai-khoan-bi-lo-thong-tin-dang-nhap-20250522180903466.htm