Red alert! 184 million passwords (Facebook, Netflix) leaked: are your accounts in danger?
Each month (or perhaps well every week) brings its share of potential data leaks on the Internet. If some are sometimes less serious than expected, even denied (as has been the case at Valve A few days ago for example), others can do damage. If it is still too early to know in which category will be to line up that of the day, caution remains as always in order. Especially since here almost everyone can be concerned.
A possible leak for many popular services
Jeremiah Fowlera security researcher, indicates that he has discovered a large database of 47 GB publicly exposed (but has the access since restrained by the supplier World Host Group), unprotected and unprotected, containing more than 184 million identifiers and unique passwords.
There are email addresses, user names, passwords and connection URLs, but also connection information for banking and health services, while government platform emails from several countries are also there.
Provisory. GOV accounts, here in Australia, Iran, India, Brazil and Romania. © Jeremiah Fowler/Websiteplanet
These data concern products offered by major players, including Meta (Facebook and Instagram), Snapchat, Microsoft, Google, Discord or Roblox. By analyzing a small portion of this database, and by contacting people concerned, the researcher was able to attest to the validity of certain email/password couples
However, it is not able to trace its source or ensure its total reliability. On the other hand, he thinks that this data has been recovered via data thief malware. The objective of creating this base, not hidden on a forum in exchange for money as is often the case, remains unknown.
If this threat should be real, the advice to protect themselves are the same as usual. Being prudent and attentive to the possible phishing attempts, which seek to extort missing data and take control of your accounts, is the first step.
The second will be to use a solid and above all different password on each service (ideally passing through a password manager) and activate, when possible, double authentication. In the case of a compromise password used on several services, it is very easy for people to take advantage of it.
