2.7 billion email addresses & plain-text passwords exposed online
by Waqas, Hackread.com December 11th, 2019
Comparitech, along with IT security researcher Bob Diachenko, has discovered a massive trove of login credentials that was exposed to public access without any authentication or security.
In 2017, HackRead reported exclusively on DoubleFlag, a hacker who was selling one billion user accounts stolen from several Chinese Internet giants, including QQ, Sina, and Tencent. Now, the same data has been identified as being hosted on an exposed IP address.
According to a blog post from Comparitech, the database was home to over 2.7 billion email addresses along with 1 billion passwords in plain-text format. In total, the database contained 1.5 TB of data, which is ideal for cyber criminals looking to carry out spam and other malicious attacks.
The database was discovered on December 1st, 2019, indexed on the BinaryEdge search engine. The owner of the database could not be identified, so Diachenko contacted the ISP where the IP address of the exposed database was hosted, and on December 9th access to the data was shut down.
However, what’s noteworthy is that the database updated itself with new records. For instance, when the database was identified, it contained 2.6 billion records, but that number increased to 2.7 billion while researchers carried out background checks on the exposed data.