His report reveals that usernames, passwords, emails, and URLs for many social media apps and websites were stored in a file, alongside users’ credentials for bank and financial accounts, health platforms, and government portals.
The file found was unencrypted, and it was determined that the sensitive data was captured by a kind of infostealer website. This kind of website is popular amongst cybercriminals as it is designed to grab sensitive data from breached sites and servers, making it easier to plan an attack or give away the information on the dark web.
The file was since removed from public access by the hosting provider, which is not sure if the database was created legitimately and exposed accidentally, or intentionally used for malicious purposes.
While the people behind the breach are to blame, users also share a part of the responsibility. The report’s author suggests that users should not keep documents containing sensitive information on their email accounts and treat them like free cloud storage, as this could create privacy risks if criminals were to gain access.
The types of threats faced by people whose data is exposed include credential stuffing attacks, account takeovers, ransomware and corporate espionage, attacks against state and government agencies, and social engineering.
Useful tips that can help users protect their confidential data from being exposed in a breach include changing passwords each year, using complex and unique passwords, considering a password manager, utilising multi-factor authentication, using a good security software, and monitoring the use of their accounts. They can also check if their credentials have been leaked on sites like HaveIBeenPwned, which will analyse if the email introduced has popped up in any known breaches.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now