Is it time to change your logins?

Billions of user records, combinations of usernames and passwords compromised in earlier data breaches, were left unprotected in an online database, available to anyone who knew where to look.

This is according to a new report from Cybernews, citing CEO of SecurityDiscovery, Bob Diachenko. Apparently, a digital risk protection firm called DarkBeam was collecting credentials stolen in both reported and non-reported data breaches, to notify the affected individuals. But the database was easy to find, it seems, with a little help from Elasticsearch and Kibana (a database system and a specialized search engine).

Diachenko found a database containing more than 3.8 billion records. Soon afterward, he contacted DarkBeam who managed to quickly lock the doors and protect the database. There’s no word if any threat actors found the database before the researchers, though.

Exposed databases mostly happen due to human error, but they’re also one of the most common instances of data leaks. Throughout the years there have been countless such events including, most recently, an unlocked Microsoft Azure cloud storage database that hosted sensitive information on hundreds of people. That database, which belonged to Microsoft’s researchers working on Artificial Intelligence, held private keys and passwords. The good news is that the database was locked before any hackers could get to it.

The database was discovered by cybersecurity researchers from Wiz, who said they found a Microsoft GitHub repository with open-source code for AI models, to be used for image recognition. The models were hosted on an Azure Storage URL, but due to obvious human error, the storage also held data that no one should have access to.