Cybersecurity expert weighs in on Signal app leak
Top national security officials for President Donald Trump, including his defense secretary, texted plans for upcoming military strikes in Yemen to a group chat in a secure messaging app that included the editor-in-chief for The Atlantic. LiveNOW from FOX host Josh Breslow spoke to cybersecurity expert, Robert Pritchard, on the latest.
More than 184 million passwords and other login information – including Google, Apple and government accounts – were exposed through a mysterious, publicly exposed database that has since been taken offline.
In a recent blog post, Jeremiah Fowler, a longtime cybersecurity researcher, said the database wasn’t password-protected or encrypted, and it had 184.2 million logins and passwords – more than 47 Gigabytes of raw data.
‘A dream come true for cyber criminals’
What we know:
Fowler believes the exposed data may have been obtained by using a type of “infostealer malware,” a malicious software that can infect a system and extract sensitive information, like the kind stored in web browsers, email accounts and messaging apps.
RELATED: Medusa ransomware: CISA issues email security warning
The database is hosted by World Host Group, a company that manages operating systems for more than 2 million websites, according to Wired. But this mysterious trove of logins and other personal information is “an unmanaged server” fully controlled by a fraudulent user, the company said.
What we don’t know:
Fowler hasn’t confirmed exactly how the data was collected, but he says there’s a lot of evidence pointing to the info-stealing malware. Cybercriminals often deploy the malware through phishing emails, malicious websites or cracked software, he said. The stolen data is typically shared on the dark web and Telegram channels or used to commit fraud, identity theft or more cyber attacks.
(Photo Illustration by Thomas Imo/Photothek via Getty Images)
What they’re saying:
“The database contained login and password credentials for a wide range of services, applications, and accounts, including email providers, Microsoft products, Facebook, Instagram, Snapchat, Roblox, and many more,” Fowler wrote. “I also saw credentials for bank and financial accounts, health platforms, and government portals from numerous countries that could put exposed individuals at significant risk.”
Why you should care:
Fowler said millions of people keep years’ worth of sensitive information in their email accounts – including tax documents, medical records, passwords and more. If cybercriminals have access, you are at risk of having your data stolen.
What you can do:
Fowler recommends keeping track of which sensitive data is stored in your email account and deleting emails that contain important files. He said to use an encrypted cloud storage method instead of email if you have to share personal information.
If you’re still using the same passwords on multiple accounts and devices, you’re making it easier for cybercriminals to gain unauthorized access by using automated scripts to try login and password combinations for thousands of websites.
“Even if one account is still active and they gain unauthorized access, it could create serious security risks and open the door to a wide range of potential attacks,” Fowler wrote.
Read his full blog on Website Planet here.
The Source: This report includes information from Jeremiah Fowler’s post on Website Planet.
