Hackers Expose 184 Million User Passwords via Open Directory

A major cybersecurity incident has come to light after researcher Jeremiah Fowler discovered a publicly accessible database containing 184,162,718 unique logins and passwords—totaling 47.42 GB of raw credential data.

The exposed records included sensitive information such as emails, usernames, passwords, and direct URLs to login pages for a wide variety of services.

These ranged from popular social media platforms like Facebook, Instagram, and Snapchat to financial, health, and even government portals across multiple countries.

The database was neither password-protected nor encrypted, leaving it vulnerable to anyone who stumbled upon it.

Fowler reported the breach to the hosting provider, which quickly restricted public access. However, the true owner of the database remains unknown, as the Whois registration is private and the associated domains are either parked or unregistered.

It is unclear whether the data was collected for legitimate research or criminal purposes, or how long it was exposed before discovery.

Infostealer Malware and Attack Vectors

The exposed data displayed clear indicators of being harvested by infostealer malware, a type of malicious software engineered to extract sensitive information from infected systems.

Infostealers typically target credentials stored in web browsers, email clients, and messaging apps.

More advanced variants can pilfer autofill data, cookies, crypto wallet information, and even capture screenshots or log keystrokes.

Cybercriminals commonly deploy infostealers using methods such as phishing emails, malicious websites, or cracked software.

Once activated, the malware exfiltrates data to remote servers, where it is either sold on dark web marketplaces and Telegram channels or used directly for fraud, identity theft, or further cyberattacks.

The breach included files labeled “senha” (Portuguese for “password”) and referenced major platforms like Google, NHS, Microsoft, Discord, and Snapchat.

A technical example of a credential stuffing attack—one of the most common exploitation methods—might use a script similar to:

import requests

def credential_stuffing(url, credentials):
    for email, password in credentials:
        response = requests.post(url, data={'email': email, 'password': password})
        if response.status_code == 200:
            print(f"Valid credentials found: {email}:{password}")

Such scripts automate login attempts across multiple sites, exploiting reused credentials and weak passwords.
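
From the defender's side, this activity shows up in authentication logs as one source trying many distinct accounts in a short time with mostly failed results. The following detector is an added example, not part of the original article; the event tuple layout, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, source_ip, account, login_succeeded)
SAMPLE_EVENTS = (
    # One source cycling through eight accounts in 70 seconds; one login succeeds.
    [(1000 + 10 * i, "203.0.113.7", f"user{i}@example.com", i == 5) for i in range(8)]
    # A single user mistyping their own password, then succeeding.
    + [(1000, "198.51.100.20", "alice@example.com", False),
       (1020, "198.51.100.20", "alice@example.com", False),
       (1045, "198.51.100.20", "alice@example.com", True)]
    # A shared office address: several accounts, every login succeeds.
    + [(1000 + 30 * i, "192.0.2.55", f"staff{i}@example.com", True) for i in range(6)]
)

def detect_stuffing(events, window=300, min_accounts=5, max_success_ratio=0.2):
    """Flag source IPs that try >= min_accounts distinct accounts within
    `window` seconds while at most max_success_ratio of attempts succeed.
    Returns {ip: {"accounts": peak distinct accounts, "hits": [accounts]}}."""
    by_ip = defaultdict(list)
    for ts, ip, account, ok in events:
        by_ip[ip].append((ts, account, ok))

    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Advance the left edge until the window spans <= `window` seconds.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            chunk = rows[start:end + 1]
            accounts = {a for _, a, _ in chunk}
            successes = sum(1 for _, _, ok in chunk if ok)
            if len(accounts) >= min_accounts and successes / len(chunk) <= max_success_ratio:
                entry = flagged.setdefault(ip, {"accounts": 0, "hits": set()})
                entry["accounts"] = max(entry["accounts"], len(accounts))
                # A success inside a flagged burst is a likely account takeover.
                entry["hits"].update(a for _, a, ok in chunk if ok)
    return {ip: {"accounts": v["accounts"], "hits": sorted(v["hits"])}
            for ip, v in flagged.items()}

if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_EVENTS).items():
        print(ip, info)
```

Accounts listed under "hits" logged in successfully during a flagged burst and are the ones to prioritize for forced password resets and session revocation.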

The scale and diversity of the breach present significant risks:

  • Credential Stuffing Attacks: Automated scripts test stolen credentials across hundreds of sites, often resulting in unauthorized access if users recycle passwords.
  • Account Takeovers (ATOs): Accounts lacking two-factor authentication (2FA) are especially vulnerable, enabling attackers to access personal or corporate data, potentially leading to identity theft or financial fraud.
  • Phishing and Social Engineering: Even outdated passwords can make phishing attempts more convincing, as attackers can reference previous credentials to build trust.

From a legal standpoint, possessing or distributing stolen credentials is a serious crime under laws such as the U.S. Computer Fraud and Abuse Act (CFAA) and the EU’s General Data Protection Regulation (GDPR).

Recommended Security Measures:

  • Change passwords regularly and never reuse them across accounts.
  • Enable 2FA wherever possible.
  • Use password managers to generate and store complex, unique passwords.
  • Monitor accounts for suspicious activity and use breach-checking services.
  • Keep antivirus software updated and consider advanced Endpoint Detection & Response (EDR) solutions for proactive threat monitoring.

This incident underscores the critical importance of robust cybersecurity hygiene for both individuals and organizations, as well as the ongoing threat posed by infostealer malware in the digital landscape.
