Security researchers, who have been scouring computer systems across the world in order to avert a WannaCry encore, have now stumbled upon a ginormous database — 56 crore entries, to be precise — of login details, IDs as well as passwords, of users of around ten sites such as LinkedIn, Tumblr, LastFM, MySpace, Adobe, Neopets, and Dropbox. All of these sites have been victims of data breaches in the past, but have since been secured.
The database contained 24.3 crore unique email IDs, and was discovered by researchers at the Kromtech Security Research Center who stumbled upon a device unprotected by a password, which was running an unsecure version of the open-source database program MongoDBran, during a security audit using Shodan, a search engine that scans internet-connected devices for open ports and databases. The older versions in question reportedly had a faulty default setting, allowing anyone who was fairly savvy to remotely browse database contents.
The information was then run by Troy Hunt, an Australian web security expert, who created the popular data breach search service Have I Been Pwned, which answers ‘yes’ and ‘no’ when you feed in your username or email ID in their search tab, to see if it has been compromised. It was found that 98 percent of the 10,000-strong sample Kromtech ran by them was already on his portal — which means that the perpetrator collated the leaked information from data breaches in the past.
It is still unclear who the curator of this information is, but the fact remains that the data isn’t secure. The researchers have taken to calling the individual who amassed this store of data “Eddie”, after a user profile discovered on the storage device.
“The database compiled by ‘Eddie’—among others recently loaded into Hunt’s website—show that attackers are weaponising large collections of credentials from a wide variety of sources,” Bob Diachenko, a researcher at Kromtech, said to Gizmodo, adding, “We wanted once again to highlight the importance of changing your passwords, because more and more malicious actors seem to exploit the data grabbed from previous leaks and hacks.”