Usernames and passwords of more than 18.4 crore people have been leaked on the Internet. Cyber security researcher Jeremiah Fowler has given this information in a report. Fowler said that a database without any security has been found on the Internet, which contained usernames and passwords of crores of people. These passwords were linked to email, social media platforms and bank accounts. Login details of government portals are also included in the leaked data. Most of the leaked data was related to major platforms like Apple, Google, Facebook, Microsoft, Instagram, Snapchat. Apart from this, it also included login details of authorization URL, banking, health and government portals. The worrying thing is that this database was not encrypted, that is, all the sensitive information was available in simple text format. Due to data leak, the personal information of crores of users has been put at risk. After the report, many companies are on alert. How were people’s passwords leaked?
According to Fowler, this data may have been stolen by a malware called ‘Infostealer’, which extracts the data saved in the computer. Info-Stealer malware steals passwords, autofill information and cookies saved in the users’ browser. If a user accidentally clicks on a fake link or downloads a file from the mail, this virus enters the system. After that it leaks information related to email, bank and social media accounts. Cyber criminals often use such malware, which steals information like username, password and credit card number from websites and systems and sells it on the dark web. Hosting company refused to give information
According to Fowler, the hosting company on whose server this data was present was contacted. After that that database could not be accessed publicly. But, the company refused to give information about the source who uploaded the data. Security experts sent emails to some of the users present in the database and confirmed that their real information was leaked. He also warned that people who use the same password and username on multiple platforms are most at risk.
