The online world has once again fallen victim to a major cyber attack. In this major data breach in the US, personal information of about 184 million users has been leaked. The leaked data includes sensitive details such as email IDs, passwords and direct log-in links.
Cybersecurity expert Jeremiah Fowler discovered an unsecured database, which was publicly available online. This database was linked to several giant companies – Apple, Google, Meta (Facebook and Instagram), Microsoft – as well as banking portals, crypto wallets and government service
The leaked records revealed log-in credentials of several major platforms:
Apple – iCloud and iTunes accounts
Google – Gmail, Drive, Google Workspace
Meta – Facebook, Instagram
Microsoft – Outlook, Office 365, Teams
Along with this, many government service portals and banking platforms have also come under the grip of this leak.
In previous data breaches, passwords were usually encrypted, but this time plain-text passwords have come to the fore. Besides, the presence of direct log-in links has further increased the threat, allowing hackers to access users' accounts without entering a password.
According to the report, this database was probably hosted on platforms like AWS, Google Cloud or Microsoft Azure, where security settings were missed. According to an IBM report, 82% of last year's data breaches were cloud-related, the main reason for which was incorrect access control.
How can you stay safe?
Change all passwords immediately.
Activate multi-factor authentication (MFA).
Check whether your data has been leaked or not with tools like Google Password Checkup.
Set real-time alerts on bank and credit cards.
Prakash Kumar Pandey