A cybersecurity company has collected a massive set of data exposed on the Internet containing more than 183 million email passwords. Among them, tens of millions correspond to Gmail accounts, but there is also login information for Outlook, Yahoo and hundreds of other web services.
As explained by Troy Hunt, the Australian security researcher who runs the breach reporting site Have I Been Pwned, the collection occupies 3.5 terabytes of data. It was compiled by Benjamin Brundage, an analyst at Synthient, after a year of tracking infostealer platforms. Brundage sent the collection to Hunt for analysis and to expand the Have I Been Pwned database, in which you can check whether an email address or other personal data has been leaked on the Internet.
Infostealers and credential stuffing
An infostealer is a type of malware that, once installed on a device, extracts sensitive data and sends it to attackers (usernames and passwords, cookies, forms, wallets, history, etc.).
The data consists of ‘stealer logs and lists for credential stuffing attacks’, Hunt has noted on his blog. So, for example, ‘someone who logs into Gmail ends up with their captured email address and password associated with gmail.com.’
Credential stuffing is an attack technique that automates logins to many services in bulk, reusing username and password combinations leaked in other breaches. This is one of the reasons why it is important not to reuse passwords across different services, especially if they are associated with the same email address.
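The login pattern described above can be spotted in authentication logs. The following is an added example, not code from Hunt, Synthient or Google: the event format, the thresholds and the sample events are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample auth events: (source_ip, username, success). Not real data.
SAMPLE_EVENTS = (
    [("203.0.113.7", f"user{i}@example.com", i == 17) for i in range(40)]  # many accounts, one try each
    + [("198.51.100.9", "alice@example.com", False)] * 30                  # one account, many tries
    + [("192.0.2.15", "bob@example.com", False),
       ("192.0.2.15", "bob@example.com", True)]                            # typo, then success
)

def classify_sources(events, min_accounts=20, max_tries_per_account=2.0, min_fail_ratio=0.9):
    """Label each source IP by its login pattern.

    Credential stuffing replays leaked username/password pairs, so one source
    touches many distinct accounts, tries each once or twice, and mostly fails.
    Thresholds are illustrative assumptions and need tuning per service.
    """
    attempts = defaultdict(int)
    failures = defaultdict(int)
    accounts = defaultdict(set)
    for ip, user, ok in events:
        attempts[ip] += 1
        failures[ip] += 0 if ok else 1
        accounts[ip].add(user.lower())

    verdicts = {}
    for ip, total in attempts.items():
        distinct = len(accounts[ip])
        tries_per_account = total / distinct
        fail_ratio = failures[ip] / total
        if (distinct >= min_accounts and tries_per_account <= max_tries_per_account
                and fail_ratio >= min_fail_ratio):
            verdicts[ip] = "credential_stuffing"
        elif distinct <= 2 and total >= min_accounts and fail_ratio >= min_fail_ratio:
            verdicts[ip] = "brute_force"  # repeated guesses against the same account
        else:
            verdicts[ip] = "normal"
    return verdicts

def compromised_accounts(events, verdicts):
    """Accounts with a successful login from a stuffing source: candidates for a forced reset."""
    return sorted({user for ip, user, ok in events
                   if ok and verdicts.get(ip) == "credential_stuffing"})

if __name__ == "__main__":
    v = classify_sources(SAMPLE_EVENTS)
    print(v, compromised_accounts(SAMPLE_EVENTS, v))
```

Because stuffing traffic is often spread across many addresses, the same grouping can be keyed on a network range or client fingerprint instead of a single IP.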
Among the 183 million unique accounts in this new data set, approximately 16.4 million correspond to addresses never seen before in any previous breach, according to Hunt.
The security firm Synthient indicates that they come from criminal markets and clandestine Telegram channels where hackers share stolen credentials. Brundage notes that the findings show the overwhelming reach of infostealer malware.
Not only Gmail, but also Outlook, Yahoo and hundreds of web services
According to the researchers, most of the entries are recycled from old breaches, but they verified recently compromised Gmail accounts with affected users who confirmed that the exposed passwords still matched their active credentials.
The batch, Hunt says, demonstrates how stolen credentials tend to reappear on forums for years, giving criminals new opportunities to exploit reused passwords. He also points out that the breaches did not involve a direct hack of Gmail or other affected platforms; rather, malware was used on users’ computers to steal their logins.
‘If you are one of the 183 million people affected, you should change your email password immediately and enable two-factor authentication if you haven’t already,’ says Hunt.
How to know if your password is among those affected
To check if their credentials are among those compromised, users can visit HaveIBeenPwned.com and enter their email address. If flagged, the site indicates the date, nature of the breach, and the data stolen.
Gmail’s response
A Google spokesperson said: “Reports about a Gmail security ‘breach’ affecting millions of users are completely inaccurate and incorrect. They are due to a misinterpretation of ongoing updates to credential theft databases, known as infostealer activity, where attackers use multiple tools to harvest credentials, rather than a single specific attack targeting a specific person, tool, or platform. We encourage users to follow best practices to protect themselves from credential theft, such as enabling two-step verification and adopting passcodes as a more secure and resilient alternative to passwords, as well as resetting passwords when they are exposed in large batches like this.”