Brands
Discover
Events
Newsletter
More

Follow Us

twitterfacebookinstagramyoutube
Youtstory

Brands

Resources

Stories

General

In-Depth

Announcement

Reports

News

Funding

Startup Sectors

Women in tech

Sportstech

Agritech

E-Commerce

Education

Lifestyle

Entertainment

Art & Culture

Travel & Leisure

Curtain Raiser

Wine and Food

YSTV

ADVERTISEMENT
Advertise with us

After WannaCry, 56 crore IDs and passwords found on an anonymous, unsecured database

After WannaCry, 56 crore IDs and passwords found on an anonymous, unsecured database

Wednesday May 17, 2017 , 2 min Read

Security researchers, who have been scouring computer systems across the world in order to avert a WannaCry encore, have now stumbled upon a ginormous database -- 56 crore entries, to be precise -- of login details, IDs as well as passwords, of users of around ten sites such as LinkedIn, Tumblr, LastFM, MySpace, Adobe, Neopets, and Dropbox. All of these sites have been victims of data breaches in the past, but have since been secured.

Image : shutterstock

The database contained 24.3 crore unique email IDs, and was discovered by researchers at the Kromtech Security Research Center who stumbled upon a device unprotected by a password, which was running an unsecure version of the open-source database program MongoDBran, during a security audit using Shodan, a search engine that scans internet-connected devices for open ports and databases. The older versions in question reportedly had a faulty default setting, allowing anyone who was fairly savvy to remotely browse database contents.

The information was then run by Troy Hunt, an Australian web security expert, who created the popular data breach search service Have I Been Pwned, which answers 'yes' and 'no' when you feed in your username or email ID in their search tab, to see if it has been compromised. It was found that 98 percent of the 10,000-strong sample Kromtech ran by them was already on his portal -- which means that the perpetrator collated the leaked information from data breaches in the past.

It is still unclear who the curator of this information is, but the fact remains that the data isn't secure. The researchers have taken to calling the individual who amassed this store of data "Eddie”, after a user profile discovered on the storage device.

“The database compiled by 'Eddie'—among others recently loaded into Hunt’s website—show that attackers are weaponising large collections of credentials from a wide variety of sources,” Bob Diachenko, a researcher at Kromtech, said to Gizmodo, adding, "We wanted once again to highlight the importance of changing your passwords, because more and more malicious actors seem to exploit the data grabbed from previous leaks and hacks.”

 To make sure that your details aren't compromised, make sure you change your passwords today, without putting it off and taking it for granted.