NEW YORK: A major cybersecurity breach has exposed the usernames and passwords of nearly 48 million Gmail users, raising concerns over online security. The database which cybersecurity researchers discovered, contained 96 GB of actual login details because it had no password protection and lacked encryption.
The breach is not the result of a direct hacking attempt on Gmail or other online services. The breach contains information that attackers gathered from previous data breaches and Infostealer malware operations. The attacks used Infostealer malware to invade users’ devices and obtain their usernames and passwords and other confidential data.
The leaked database contains user credentials from various websites which include Yahoo and Instagram and Netflix and Facebook and Outlook. The collection contained information from government bodies and banking institutions and streaming services.
Cybersecurity professionals consider the exposed data to be a major threat because cybercriminals find the information extremely valuable. Cybercriminals will use the stolen credentials to perform credential stuffing attacks because they will test the same login information across different online services.
The unprotected database remained accessible for more than one month before the data was finally removed from the Internet. The experts believe that the malware remains operational while future data breaches will still take place.
Google confirmed the security breach because it admitted the leaked information originated from Infostealer log data. The technology company confirmed that its automated security systems have the capability to detect security breaches within a short time frame by tracking compromised credentials and automatically securing affected accounts while users must reset their passwords.
Security experts implemented a recommendation that all users must immediately change their passwords because of the security breach. The experts suggest that users should create unique passwords for each online service they use, while they should enable two-factor authentication and use password managers or password keys to protect their online accounts.
