560 million login credentials found on “Leaky” Database

A huge number (560 million) of login credentials has been exposed by an insecure online database. Most of them were stolen from popular online platforms during previous data breaches.

The database was first discovered by the Kromtech Security Center. It remains unsecured and is very much accessible as of the time of writing this article. One of the researchers at the facility, Bob Diachenko, reported that the database contained over 243.6 million unique email addresses, most of which were compromised during previous data breaches at LinkedIn, DropBox, MySpace and many more. (All services have since been secured.)

Kromtech discovered the database, which they’ve nicknamed “Eddie” after a user profile they found on the storage device, whilst running a routine security audit using Shodan, a search engine that scans internet-connected devices for open ports and databases. According to the research facility, the database is sitting on a device running an insecure version of MongoDB, the open source database program, which is known to be easily left vulnerable because of a default setting that anyone with any knowledge of the database can bypass.

Kromtech states: “We wanted once again to highlight the importance of changing the passwords, because more and more malicious actors seem to exploit the data grabbed from previous leaks and hacks.”

Have I been Pwned!!?

Troy Hunt, a well-known security researcher and owner of the “Have I been Pwned” website, which helps users determine whether their accounts have been hacked, also verified the existence of the database. He compared a sample of the credentials (10,000) in the database against the data on his site, and at least 98% already existed there. Unlike the leaky database, his site doesn’t display stolen passwords.

There’s a big lesson to learn from this, folks. Make sure to change passwords regularly, and probably invest in a good password manager.
