Feed: Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics
Feed Link: https://www.engadget.com/
---
Title: A huge unsecured credential database discovery is a great reminder to
change your passwords
Date: Thu, 22 May 2025 21:05:37 +0000
Link: https://www.engadget.com/cybersecurity/a-huge...
Today's report by security expert Jeremiah Fowler of a massive unsecured
database full of usernames and passwords shouldn't necessarily frighten you,
but it should spur you to action. If you have any weak passwords protecting
accounts with sensitive information, or if you've reused the same password
ΓÇö however strong ΓÇö on multiple accounts, now would be an excellent time
to change them and set up two-factor authentication.
Fowler reported on Website Planet that the database, which he found unlocked
and without any encryption on an anonymously registered server, contained a
little over 184 million records. These included usernames, emails, passwords,
and direct links to the URLs for logging into the relevant accounts. While
Fowler was able to get the hosting provider to lock the server, he couldn't
find any hard evidence about who compiled the database, nor whether they had
used or shared the information.
There are a couple of reasons not to panic here. 184 million records exposed
doesn't mean 184 million people exposed ΓÇö it's just the number of rows in
the database. If the info was gathered through malware, as Fowler believes,
it's likely to have gathered multiple records from every infected device.
That's obviously still bad, but fewer people have been affected than it may
seem from the number alone.
The database also contained no information that could be used for two-factor
authentication, so anyone with a second factor set up has much less reason to
worry. Don't forget, though, that one weakly secured account is a liability
to the others. For example, a hacker could gain access to your email, then
use that access to break through 2FA on your bank account.
The potential consequences of having your password stolen are severe enough
that it's worth taking common-sense steps. Since the database wasn't leaked
on any of the usual dark web sources, its data likely won't show up on breach
checkers like HaveIBeenPwned. However, Fowler did share with Wired reporters
that he tested a sample of 10,000 fields in the database, and found passwords
to the following platforms:
Facebook
Google
Instagram
Roblox
Discord
Microsoft
Netflix
PayPal
Amazon
Apple
Nintendo
Snapchat
Spotify
Twitter
WordPress
Yahoo
Online banks
Online wallets
Healthcare web apps
Government employee accounts
If you have an account on any of those platforms without two-factor
authentication, we recommend changing your password and setting up 2FA as
soon as possible. Pay special attention to platforms like Roblox and Nintendo
where your kids might have set up their own accounts and not bothered with
2FA. As Fowler points out in his blog post, even seemingly innocuous accounts
might have personal information lying around.
This article originally appeared on Engadget at
https://www.engadget.com/cybersecurity/a-huge...
discovery-is-a-great-reminder-to-change-your-passwords-210537400.html?src=rss
---
VRSS v2.1.180528
|
Engadget is a web magazine with... 
