The storage of sensitive data in unsafe forms on the Internet puts users’ personal information more and more every day. Finally, a giant database of more than 184 million accounts such as user name, password and e-mail was left unprotected online. Security researcher Jeremiah Fowler, who found the database, said that this file was open to access without any encryption or password protection. Not only the social media accounts, but also the identity information of critical systems such as bank entrances and government portals.
It is not known how long the data has been open to access, but it is stated that the server has been removed by the company providing hosting service. In this process, there is no definite information about whether data has been accessed by other people or whether it is copied. Fowler said that the database could not detect the owner, because there was no information about it in the file. In addition, it is not clear whether the data is collected by legal means or obtained with malicious software.
Social media platforms and government systems took place in the data
The first reviews reveal that the file includes account information for popular services such as Google, Apple, Microsoft, Facebook, Instagram and Snapchat. However, a large number of e-mail addresses with a .gov extension have been identified in the file and these addresses are estimated to belong to official institutions in at least 29 different countries around the world. Fowler said that some e-mail holders have reached and that many users confirmed that the information in the file matches the real and still used passwords. This shows that not only systems, but also individual user habits, grow safety vulnerabilities.
The data set is likely to be collected by malicious software. Especially infostealer Software called and stolen user information from the browser or system has been widely used among cyber attackers in recent years. According to Fowler, the data in the database seems to have been combined with more than one source, which shows that the attackers are systematically collected information. The fact that the data is not encrypted proves that the safety standards are completely ignored.
There is not only information about social media accounts in the data set. In addition to services such as Netflix, Paypal, Discord, users’ entry information to health platforms and bank systems is included in the file. The seizure of such information can pave the way for more comprehensive threats such as identity theft and financial fraud. According to Fowler, some information in the file also contains browser sessions, IP addresses and answers to security questions.
The tendency of users to use their e-mail accounts as a personal archive increases the impact of such situations. In e-mails that have not been deleted for years, tax documents, health reports and various entry information can be stored. This information provides a serious advantage for the attackers if the account is seized. However, many users are still unaware of the necessity of safely storage such content.
After such large -scale data leaks, there are some measures that users can take. First of all, it is of great importance not to use the same password on multiple platforms. In addition, two -stage authentication systems should be commissioned and unauthorized access attempts should be monitored regularly. In addition, the up -to -date of antivirus and malicious software prevention software is possible infostealer can provide protection against threats.
Such developments in the field of security remind the responsibilities of corporate structures. In particular, cloud -based service providers need to act with more transparency and control in ensuring data security. In addition to all these, it is important for users to act more consciously about how and where they keep their personal data. Such files, which are openly left, can create a level of security risk that can affect not only individuals but also inter -countries relations.