A large number of login certificates with more than 16 billion login certificates from leading online service providers, including Apple, Google and Facebook, have been leaked, potentially affecting Crypto holders.
According to Friday Reportthe network research team reviewed “30 exposed data sets containing tens of millions to more than 3.5 billion records.” Overall, it was “a huge 16 billion exposed login certificates.”
“Naked datasets have not been reported before, and a (…) ‘mysterious database’ has 184 million records,” the report reads. Most databases contain an average of 550 million entries, while the smallest 16 million entries are.
Cybernews warns that this could become the basis for “massive exploitation” by providing “massive, fresh, weapon-friendly intelligence.” It is reported that most of the data has been exposed without collateral Elasticsearch or object storage instance.
Related: Coinbase data leaks can put users in physical danger: TechCrunch founder
Most major services hit
Cybernews says the data allows “nearly every online service imaginable from Apple, Facebook and Google to Github, Telegram and various government services.” The data also includes material dumps, including tokens, cookies and metadata, which is particularly dangerous for organizations lacking multifactor authentication.
According to the report, the original owner of the data is not yet known. However, “it is actually guaranteed that certain leaked data sets are owned by cybercriminals.”
Related: Millions of OpenSea user emails are now fully public in 2022: Slowmist
Consequences of the crypto industry
The cryptocurrency industry could face serious impacts due to the leak. Security analysts expect target account takeover attempts to increase using leaked credentials, especially for held credentials or platforms related to email access.
Some wallets also use password-based seed phrases stored in cloud services, which can allow attackers to try to obtain private keys.
Depending on the extent and success of these attacks, communication may decide to ask users to change their passwords or take tougher measures to prevent loss of assets.
The vulnerability also highlights persistent issues such as password reuse and weak authentication practices. Encrypted users should update their password immediately, enable 2FA and avoid storing recovery phrases in an unresisting digital environment.
Magazine: Cryptocurrency: Evolve Bank suffers data breach, Turbo Toad enthusiasts lose 3.6K
