Latest news with #JeremiahFowler
&w=3840&q=100)
First Post
3 days ago
- First Post
16 billion passwords compromised, says report; have you changed yours?
A massive breach has exposed over 16 billion usernames and passwords from platforms like Google, Apple, Facebook, and more. The leak raises serious cybersecurity concerns, prompting urgent calls for stronger passwords, two-factor authentication, and regular dark web exposure checks. read more A staggering 16 billion usernames and passwords have been exposed in what experts are calling the largest-ever database of stolen credentials. The trove of compromised data includes login details from major platforms such as Apple, Google, Facebook, Telegram, GitHub and even government services, raising alarms over the global state of digital security. Cybersecurity researchers say the breach stems from a collection of 30 massive datasets, each holding tens of millions to over 3.5 billion records. The information, mostly acquired through infostealing malware, appears to be freshly leaked, with nearly all of the datasets previously unreported except for one earlier disclosure of 184 million passwords by researcher Jeremiah Fowler, according to a new investigation by Cybernews. STORY CONTINUES BELOW THIS AD 'Most of these credentials are structured as URLs followed by usernames and passwords, and they cover virtually every type of online service imaginable,' said Vilius Petkauskas, a Cybernews analyst who has been investigating the leak since the beginning of the year. The scale of this breach surpasses previous incidents, including last year's so-called 'Mother of All Breaches' which exposed 26 billion records. While it's unclear whether some of the leaked data might have been repackaged from earlier incidents, researchers insist that this leak is largely new. Lawrence Pingree, vice president at cybersecurity firm Dispersive, explained that such datasets are often circulated and resold on the dark web—sometimes bundled with other leaks, sometimes offered piecemeal. 'Whether it's a repackaged leak or not, 16 billion records is a huge number,' Pingree said. 'This kind of data is valuable precisely because it is so often misused.' The breach underscores how widespread the threat of credential theft has become, with attackers targeting social media platforms, corporate portals, developer tools, and VPN services alike. In response, experts urge users to adopt better security hygiene. Basic protections include running antivirus scans to detect infostealers, checking dark web exposure via tools like Google One's 'Dark Web Report,' and crucially, using strong and unique passwords for every service.
Indian Express
3 days ago
- Indian Express
Cybersecurity nightmare: More than 16 billion passwords leaked in unprecedented data breach
Cybersecurity researchers are claiming that they recently came across a massive database comprising more than 16 billion usernames and passwords, making it the largest data breach of all time. According to a new report from Cybernews, these leaked passwords are likely generated by various cybercriminals who used various infostealing malware to steal usernames and passwords. As it turns out, these login credentials were gathered from social media, corporate platforms, VPNs, developer portals and more. The researchers claim that they came across 30 exposed datasets of various sizes, which contained anywhere between tens of millions to more than 3.5 billion records with accounts from Google, Apple, Facebook, GitHub, Telegram and more. The report also claims that 'none of the exposed datasets were reported previously,' except for the one reported by Jeremiah Fowler, which contained more than 184 million passwords. 'This is not just a leak – it's a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing. What's especially concerning is the structure and recency of these datasets – these aren't just old breaches being recycled. This is fresh, weaponizable intelligence at scale', added researchers. And while these newly discovered datasets were only exposed online for a brief period of time using unsecured Elasticsearch and object storage instances, which was long enough for security researchers to uncover the dataset, but not learn who controlled them. The publication says that the majority of data leaked in the datasets contains 'a mix of details from stealer malware, credential stuffing sets and repackaged leaks.' And while there is no way to compare these datasets, they likely contain at least some duplicated information. This makes it hard to determine how many people were affected by the data breach. However, most of the data in these datasets followed a particular pattern, containing a URL followed by a username and a password. To those unaware, this is exactly how infostealing malware collects information and sends it to threat actors. The researchers also found that these huge datasets containing usernames and passwords are often used for phishing campaigns, ransomware intrusions, business email compromise and account takeovers. These exposed datasets also included tokens, cookies and metadata, which makes them dangerous for companies and services that lack multi-factor authentication. Also, some of these were simply named 'logins' and 'credentials'. If you think your system is infected by an infostealing malware, make sure to install a known antivirus and run a thorough security scan to remove it. Users can also make use of Google One's 'Dark Web Report' feature, which lets you check if your personal information has been leaked as part of a data breach or is available on the dark web. Also, make sure that you refrain from using common passwords like '12345678' and 'password' and instead use a combination of numbers and letters to keep your account secure. To give you a quick recap, datasets containing billions of passwords have previously found their way on the internet. Last year, researchers came across what they called the Mother of All Breaches, which contained more than 26 billion records.
&w=3840&q=100)
First Post
03-06-2025
- Business
- First Post
Google, Instagram logins among 184 mn passwords leaked in massive data breach
A cybersecurity researcher discovered a publicly accessible database online, revealing sensitive details associated with major brands such as Apple, Google, Facebook, Microsoft, as well as several banking and government services read more A massive data breach has exposed more than 184 million user records, including email addresses, passwords, and direct login URLs, raising significant cybersecurity concerns for millions of Americans. Cybersecurity researcher Jeremiah Fowler discovered the unprotected database publicly accessible online, revealing sensitive details associated with major brands such as Apple, Google, Facebook, Microsoft, as well as several banking and government services, Moneycontrol reported. Although the database wasn't hosted by any specific company, the leaked records contained credentials and direct login links for various platforms, including: STORY CONTINUES BELOW THIS AD Apple iCloud and iTunes accounts Google services, such as Gmail, Drive, and Google Workspace Meta's Facebook and Instagram accounts Microsoft Outlook, Office 365, and Teams Banking portals, cryptocurrency wallets, and government service platforms Fowler highlighted the severity of the breach by pointing out the inclusion of direct login URLs, which could potentially allow hackers to bypass traditional password entry procedures, significantly simplifying unauthorised access to private user accounts. More to come
Yahoo
02-06-2025
- Business
- Yahoo
Massive data breach exposes 184 million passwords and logins
Data breaches are no longer rare events but a persistent problem. We've been seeing regular incidents at public-facing companies across various sectors, including healthcare, retail and finance. While bad actors are certainly to blame, these corporations aren't entirely without fault. They often make it easy for hackers to access user data by failing to protect it properly. A recent example came to light when a cybersecurity researcher discovered an open database containing over 184 million account credentials. Join The FREE CyberGuy Report: Get my expert tech tips, critical security alerts and exclusive deals — plus instant access to my free Ultimate Scam Survival Guide when you sign up! Cybersecurity researcher Jeremiah Fowler has revealed the existence of an open database that contains 184,162,718 million account credentials. These include email addresses, passwords, usernames and URLs for platforms such as Google, Microsoft, Apple, Facebook and Snapchat. The information also covers banking services, medical platforms and government accounts. Most shockingly, the entire dataset was left completely unsecured. There was no encryption, no authentication required and no form of access control. It was simply a plain text file sitting online for anyone to find. Read On The Fox News App 19 Billion Passwords Have Leaked Online: How To Protect Yourself Fowler located the database during routine scanning of publicly exposed assets. What he found was staggering. The file included hundreds of millions of unique records containing user credentials linked to the world's largest technology and communication platforms. There were also account details for financial services and official portals used by state institutions. The file was not protected in any way. Anyone who discovered the link could open it in a browser and instantly view sensitive personal data. No software exploit was needed. No password was asked for. It was as open as a public document. 200 Million Social Media Records Leaked In Major X Data Breach Fowler believes the data was harvested using an infostealer. These lightweight tools are favored by cybercriminals for their ability to silently extract login credentials and other private information from compromised devices. Once stolen, the data is often sold on dark web forums or used in targeted attacks. After reporting the breach, the hosting provider quickly removed access to the file. However, the owner of the database remains unknown. The provider did not disclose who uploaded it or whether the database was part of a legitimate archive that was accidentally published. Fowler could not determine whether this was the result of negligence or an operation with malicious intent. To verify the data, Fowler contacted some individuals listed in the records. Several confirmed that the information was accurate. This confirmation turns what might seem like abstract statistics into something very real. These were not outdated or irrelevant details. These were live credentials that could allow anyone to hijack personal accounts in seconds. 1.7 Billion Passwords Leaked On Dark Web And Why Yours Is At Risk Hr Firm Confirms 4M Records Exposed In Major Hack 1. Change your password on every platform: If your login credentials have been exposed, it's not enough to change the password on just one account. Cybercriminals often try the same combinations across multiple platforms, hoping to gain access through reused credentials. Start by updating your most critical accounts, email, banking, cloud storage and social media, then move on to others. Use a new, unique password for each platform and avoid variations of old passwords, as they can still be predictable. Consider using a password manager to generate and store complex passwords. Our top-rated password manager delivers powerful protection to help keep your accounts secure. It features real-time data breach monitoring to alert you if your login details have been exposed, plus a built-in data breach scanner that checks your saved emails, passwords and credit card information against known leak databases. A password health checker also highlights weak, reused or compromised passwords so you can strengthen your online defenses with just a few clicks. Get more details about my best expert-reviewed Password Managers of 2025 here. 2. Enable two-factor authentication: Two-factor authentication, or 2FA, is a critical security feature that drastically reduces the risk of unauthorized access. Even if someone has your password, they won't be able to log in without the second verification step, usually a one-time code sent to your phone or an authenticator app. Enable 2FA on all services that support it, especially your email, financial accounts and any service that stores sensitive personal data. 3. Watch for unusual account activity: After a breach, it's common for compromised accounts to be used for spam, scams, or identity theft. Pay close attention to signs such as login attempts from unfamiliar locations, password reset requests you didn't initiate or unexpected messages sent from your accounts. Most platforms allow you to review login history and connected devices. If you see something off, take action immediately by changing your password and revoking suspicious sessions. 4. Invest in personal data removal services: You should also consider a data removal service. Given the scale and frequency of breaches like the one described above, relying on personal caution alone is no longer enough. Automated data removal services can provide an essential extra layer of defense by continuously scanning for and helping eliminate your exposed information from data broker sites and other online sources. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. Get a free scan to find out if your personal information is already out on the web. 5. Avoid clicking on suspicious links and use strong antivirus software: One of the most common post-breach threats is phishing. Cybercriminals often use information from leaked databases to craft convincing emails that urge you to verify your account or reset your password. Never click on links or download attachments from unknown or suspicious sources. Instead, visit websites by typing the URL directly into your browser. The best way to safeguard yourself from malicious links is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices. 6. Keep your software and devices up to date: Many cyberattacks exploit known vulnerabilities in outdated software. Operating systems, browsers, antivirus programs and even apps need to be updated regularly to patch security flaws. Turn on automatic updates wherever possible so you're protected as soon as fixes are released. Staying current with your software is one of the easiest and most effective ways to block malware, ransomware and spyware from infiltrating your system. Hackers Using Malware To Steal Data From Usb Flash Drives Security is not only the responsibility of companies and hosting providers. Users need to adopt better practices, including unique passwords, multifactor authentication and regular reviews of their digital footprint. The careless exposure of over 184 million credentials is not just a mistake. It is an example of how fragile our systems remain when even basic protection is absent. In an era where artificial intelligence, quantum computing, and global connectivity are reshaping technology, it is unacceptable that plain text files containing financial and governmental credentials are still left sitting online. Do you feel that companies are doing enough to protect your data from hackers and other cyber threats? Let us know by writing us at For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Ask Kurt a question or let us know what stories you'd like us to cover. Follow Kurt on his social channels: Facebook YouTube Instagram Answers to the most-asked CyberGuy questions: What is the best way to protect your Mac, Windows, iPhone and Android devices from getting hacked? What is the best way to stay private, secure and anonymous while browsing the web? How can I get rid of robocalls with apps and data removal services? How do I remove my private data from the internet? New from Kurt: Try CyberGuy's new games (crosswords, word searches, trivia and more!) CyberGuy's Exclusive Coupons and Deals Copyright 2025 All rights article source: Massive data breach exposes 184 million passwords and logins
Yahoo
02-06-2025
- Business
- Yahoo
Massive data breach exposes 184 million passwords and logins
Data breaches are no longer rare events but a persistent problem. We've been seeing regular incidents at public-facing companies across various sectors, including healthcare, retail and finance. While bad actors are certainly to blame, these corporations aren't entirely without fault. They often make it easy for hackers to access user data by failing to protect it properly. A recent example came to light when a cybersecurity researcher discovered an open database containing over 184 million account credentials. Join The FREE CyberGuy Report: Get my expert tech tips, critical security alerts and exclusive deals — plus instant access to my free Ultimate Scam Survival Guide when you sign up! Cybersecurity researcher Jeremiah Fowler has revealed the existence of an open database that contains 184,162,718 million account credentials. These include email addresses, passwords, usernames and URLs for platforms such as Google, Microsoft, Apple, Facebook and Snapchat. The information also covers banking services, medical platforms and government accounts. Most shockingly, the entire dataset was left completely unsecured. There was no encryption, no authentication required and no form of access control. It was simply a plain text file sitting online for anyone to find. Read On The Fox News App 19 Billion Passwords Have Leaked Online: How To Protect Yourself Fowler located the database during routine scanning of publicly exposed assets. What he found was staggering. The file included hundreds of millions of unique records containing user credentials linked to the world's largest technology and communication platforms. There were also account details for financial services and official portals used by state institutions. The file was not protected in any way. Anyone who discovered the link could open it in a browser and instantly view sensitive personal data. No software exploit was needed. No password was asked for. It was as open as a public document. 200 Million Social Media Records Leaked In Major X Data Breach Fowler believes the data was harvested using an infostealer. These lightweight tools are favored by cybercriminals for their ability to silently extract login credentials and other private information from compromised devices. Once stolen, the data is often sold on dark web forums or used in targeted attacks. After reporting the breach, the hosting provider quickly removed access to the file. However, the owner of the database remains unknown. The provider did not disclose who uploaded it or whether the database was part of a legitimate archive that was accidentally published. Fowler could not determine whether this was the result of negligence or an operation with malicious intent. To verify the data, Fowler contacted some individuals listed in the records. Several confirmed that the information was accurate. This confirmation turns what might seem like abstract statistics into something very real. These were not outdated or irrelevant details. These were live credentials that could allow anyone to hijack personal accounts in seconds. 1.7 Billion Passwords Leaked On Dark Web And Why Yours Is At Risk Hr Firm Confirms 4M Records Exposed In Major Hack 1. Change your password on every platform: If your login credentials have been exposed, it's not enough to change the password on just one account. Cybercriminals often try the same combinations across multiple platforms, hoping to gain access through reused credentials. Start by updating your most critical accounts, email, banking, cloud storage and social media, then move on to others. Use a new, unique password for each platform and avoid variations of old passwords, as they can still be predictable. Consider using a password manager to generate and store complex passwords. Our top-rated password manager delivers powerful protection to help keep your accounts secure. It features real-time data breach monitoring to alert you if your login details have been exposed, plus a built-in data breach scanner that checks your saved emails, passwords and credit card information against known leak databases. A password health checker also highlights weak, reused or compromised passwords so you can strengthen your online defenses with just a few clicks. Get more details about my best expert-reviewed Password Managers of 2025 here. 2. Enable two-factor authentication: Two-factor authentication, or 2FA, is a critical security feature that drastically reduces the risk of unauthorized access. Even if someone has your password, they won't be able to log in without the second verification step, usually a one-time code sent to your phone or an authenticator app. Enable 2FA on all services that support it, especially your email, financial accounts and any service that stores sensitive personal data. 3. Watch for unusual account activity: After a breach, it's common for compromised accounts to be used for spam, scams, or identity theft. Pay close attention to signs such as login attempts from unfamiliar locations, password reset requests you didn't initiate or unexpected messages sent from your accounts. Most platforms allow you to review login history and connected devices. If you see something off, take action immediately by changing your password and revoking suspicious sessions. 4. Invest in personal data removal services: You should also consider a data removal service. Given the scale and frequency of breaches like the one described above, relying on personal caution alone is no longer enough. Automated data removal services can provide an essential extra layer of defense by continuously scanning for and helping eliminate your exposed information from data broker sites and other online sources. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. Get a free scan to find out if your personal information is already out on the web. 5. Avoid clicking on suspicious links and use strong antivirus software: One of the most common post-breach threats is phishing. Cybercriminals often use information from leaked databases to craft convincing emails that urge you to verify your account or reset your password. Never click on links or download attachments from unknown or suspicious sources. Instead, visit websites by typing the URL directly into your browser. The best way to safeguard yourself from malicious links is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices. 6. Keep your software and devices up to date: Many cyberattacks exploit known vulnerabilities in outdated software. Operating systems, browsers, antivirus programs and even apps need to be updated regularly to patch security flaws. Turn on automatic updates wherever possible so you're protected as soon as fixes are released. Staying current with your software is one of the easiest and most effective ways to block malware, ransomware and spyware from infiltrating your system. Hackers Using Malware To Steal Data From Usb Flash Drives Security is not only the responsibility of companies and hosting providers. Users need to adopt better practices, including unique passwords, multifactor authentication and regular reviews of their digital footprint. The careless exposure of over 184 million credentials is not just a mistake. It is an example of how fragile our systems remain when even basic protection is absent. In an era where artificial intelligence, quantum computing, and global connectivity are reshaping technology, it is unacceptable that plain text files containing financial and governmental credentials are still left sitting online. Do you feel that companies are doing enough to protect your data from hackers and other cyber threats? Let us know by writing us at For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Ask Kurt a question or let us know what stories you'd like us to cover. Follow Kurt on his social channels: Facebook YouTube Instagram Answers to the most-asked CyberGuy questions: What is the best way to protect your Mac, Windows, iPhone and Android devices from getting hacked? What is the best way to stay private, secure and anonymous while browsing the web? How can I get rid of robocalls with apps and data removal services? How do I remove my private data from the internet? New from Kurt: Try CyberGuy's new games (crosswords, word searches, trivia and more!) CyberGuy's Exclusive Coupons and Deals Copyright 2025 All rights article source: Massive data breach exposes 184 million passwords and logins
