Billions of passwords and email addresses have been leaked online2 Min Read
Is it time to change your logins?
Billions of user records, combinations of usernames and passwords compromised in earlier data breaches, were left unprotected in an online database, available to anyone who knew where to look.
This is according to a new report from Cybernews, citing CEO of SecurityDiscovery, Bob Diachenko. Apparently, a digital risk protection firm called DarkBeam was collecting credentials stolen in both reported and non-reported data breaches, to notify the affected individuals. But the database was easy to find, it seems, with a little help from Elasticsearch and Kibana (a database system and a specialized search engine).
Diachenko found a database containing more than 3.8 billion records. Soon afterward, he contacted DarkBeam who managed to quickly lock the doors and protect the database. There’s no word if any threat actors found the database before the researchers, though.
Exposed databases mostly happen due to human error, but they’re also one of the most common instances of data leaks. Throughout the years there have been countless such events including, most recently, an unlocked Microsoft Azure cloud storage database that hosted sensitive information on hundreds of people. That database, which belonged to Microsoft’s researchers working on Artificial Intelligence, held private keys and passwords. The good news is that the database was locked before any hackers could get to it.
The database was discovered by cybersecurity researchers from Wiz, who said they found a Microsoft GitHub repository with open-source code for AI models, to be used for image recognition. The models were hosted on an Azure Storage URL, but due to obvious human error, the storage also held data that no one should have access to.
Let ADVYON help get you secured today!
At Advyon, we take pride in going above and beyond to ensure the utmost security for all our IT clients. We understand that safeguarding sensitive data, especially email addresses and passwords, is paramount in today’s digital landscape. Our dedicated team not only provides top-tier security solutions but also meticulously sets protocols in place to fortify our clients against any potential data breach. We employ state-of-the-art encryption, multi-factor authentication, and continuous monitoring.