One cybersecurity researcher has exposed a significant data breach that affects a wide range of popular websites and services, highlighting potentially 48 million Gmail accounts that have had their data exposed as Google issues a new warning.
Data breaches are unfortunately commonplace in the modern internet age, as while cybersecurity measures have never been better, there are also an unprecedented number of sophisticated attacks from hackers and scammers in search of valuable data.
Tracking websites like HaveIBeenPwned show the severity and frequency of these breaches by letting you check whether your accounts have ever been exposed, yet you might want to consider having a look again as a new major breach has been revealed.
Detailing his findings in a blog post on ExpressVPN, cybersecurity expert Jeremiah Fowler has revealed a new publicly exposed database containing "149,404,754 unique logins and passwords, totaling a massive 96 GB of raw credential data."
Advert
This breach is neither password-protected or encrypted, meaning that anyone who can find it is allowed to access the contents stored inside, and it includes "emails, usernames, passwords, and the URL links to the login and authorization for the accounts."
Fowler explains that while it's not the first of its kind that he has found, it exposes the prescient threat that 'credential-stealing malware' poses right now, yet the fact that he's been able to find it also points out that these cybercriminals themselves are also vulnerable to data breaches.
"The database was publicly accessible," Fowler notes, pointing towards the cloud-based repository that stored the files, "allowing anyone who discovered it to potentially access the credentials of millions of individuals."
Among this data includes login details for people all across the world across a wide range of online services, affecting social media sites, data sites, streaming services, financial and trading platforms, and even OnlyFans accounts.
By far the biggest platform hit by the breach though was Gmail with 48 million leaked accounts – which is perhaps not surprising considering the sheer scale of the email platform – and this has prompted the tech giant to issue a response to the news, as per the Independent.
Speaking to the Daily Mail, a Google spokesperson acknowledged that while there was a dataset "containing a wide range of credentials," it perhaps isn't as bas as it seems, claiming that the breach wasn't new.
"This data represents a compilation of 'infostealer' logs, credentials harvested from personal devices by third-party malware, that has been aggregated over time," the spokesperson claims.
"We continuously monitor for this type of external activity and have automated protections in place that lock accounts and force password resets when we identify exposed credentials."
It does leave some users even more frustrated that key 'dark web protections' were disabled and discontinued by Google recently though, leaving people to opt for third-party sites in order to keep up with any potential breaches.