96GB database collected with malware released without protection… including financial and government accounts
Infostealer infections surge by 104% compared to the previous year… Warning, “You can commit a crime with 290,000 won per month”
48 million Gmail passwords leaked… 149 million personal information exposed to hacking
View enlarged image
Security expert Jeremiah Fowler(Jeremiah Fowler)As the world discovers large databases left without encryption or password protection, 1100 million 4900It was confirmed that over 10,000 account details were exposed without protection..
Wired, a media outlet specializing in information technology, 22Day(local time) This database is Gmail 480010,000 cases, Facebook 170010,000 virtual asset exchange Binance accounts 42It was reported that it included 10,000 cases.. Fowler shared his findings with security company Express.VPN(ExpressVPN)shared with, The database is analyzed to have been indiscriminately collected with malicious code..
Access to government systems… “criminal’s dream“
Fowler was exposed online and accessible to anyone. 1100 million 4900Information on over 10,000 accounts(96GB)I found it and reported it to the hosting company.. The company immediately deleted the relevant data based on violation of its terms of use..
The leaked information includes personal e-mail and social networking service accounts as well as access information to government systems in several countries., Bank and credit card login information, Even media streaming service accounts are covered.. Fowler said in an interview with Wired: “It’s like a dream list for criminals.“as “Data collected includes Gmail account 4800In addition to 10,000 cases, Yahoo 40010,000 cases, Microsoft Outlook 15010,000 cases, Apple iCloud 9010,000 cases, Academic Institution Account 140Ten thousand cases were included.“He said.
In addition to TikTok(7810,000 cases), OnlyFans(1010,000 cases), netflix(34010,000 cases) A large number of account information from popular services such as. Fowler added that even during the month of contact with the hosting company, the database was growing in real time, accumulating new information..
month 29A crime is possible for 10,000 won… cyber attack industrialization
Security experts say Infostealer is the main culprit of this information leak.(Infostealer) Malicious code was pointed out. Infostealer infects a device and uses keylogging to record what the user types.(Keylogging) Intercepting information through technology.
Fowler “The system was automatically classifying each log by assigning a unique identifier.“as “It is characterized by an easy-to-search structure so that buyers can select and purchase only the information they want.“It was analyzed that.
The proliferation of automated tools is significantly lowering the threshold for cybercrime. Alan Liska, threat intelligence analyst at security firm Recorded Futures(Allan Liska)Is “The cost of renting Infostealer infrastructure is monthly. 200~300dollar(approximately 29only~4310,000 won) water level“He said “Anyone can obtain information on hundreds of thousands of accounts for less than a car payment.“pointed out.
Security company Huntress 2025According to the 2018 Cyber Threat Report: 200As a result of analyzing more than 10,000 endpoints, infostealer detections increased compared to the previous year. 104% appeared to increase. security company That wasIn a recent report 2024Only in years 43010,000 devices infected with Infostealer 39It was revealed that billions of passwords were leaked..
In the industry, these databases go beyond simple information leaks and are used for voice phishing., financial fraud, Theft of national secrets, etc. 2Attention is being paid to the fact that cars are used as a key asset in crime.. Market participants say that this incident is a representative example of how large-scale data left unattended due to security configuration errors can lead to fatal consequences..
Multi-step authentication required… Immediate security check
Experts emphasize that active personal security checks are urgently needed to respond to the threat of automated information theft.. first of all ‘Have I Empty Phone(Have I Been Pwned)’Leak confirmation sites such as Google or Google ‘Password check‘ This feature allows you to immediately find out if your account has been leaked..
In particular, it is difficult to prevent the intrusion of infostealers with just a password., Multi-factor authentication that uses a separate app or biometrics in addition to ID and password(MFA) Activation is essential. Security industry insiders “Google has higher security than text authentication OTP Using an app-based authenticator, etc., Simply using a management tool that generates random passwords for each site can protect your assets from most cybercriminals.“advised.
Global Economics Reporter Park Jeong-han park@g-enews.com
