A crucial list of more than 560 million login information has been exposed by researchers from a leaky database was revealed on Tuesday. The stolen records include passwords and email addresses.
The dataset, which remains insecure, was first discovered this month by the Kromtech Security Center. It was further verified by Troy Hunt, a noted security researcher and the creator of "Have I Been Pwned," a service which helps users determine whether their accounts have been compromised.
The database contains email addresses and passwords from at least 10 popular online services and that include DropBox, LinkedIn, Adobe, LastFM, Tumblr, Neopets, Tumblr, and MySpace and were obtained during security breaches in the recent past.
According to a source, the leak has been confirmed by Troy Hunt from the site "Have I Been Pwned" which helps users find out if their online accounts have been compromised. More so, the identity of the individual who amassed this database is not presently known yet, however, the researchers have taken to calling them "Eddie" after a user profile has been discovered on the storage device.
Kromtech Security Center discovered the unsecured device, which stays active and unprotected by a password, while a routine security check with a search engine called Shodan that scans internet-connected devices for databases and open ports.
Improve Your Passwords
The most secure password in the world is useless if a hacker steals it, however, it becomes more useful if it's not the same password that users use for every single log-in. The advice to anyone who uses the services mentioned is to update your password right away, especially if you haven't used the account for a while or if you are more likely to have used the same password for multiple online accounts. Users can also delete old accounts or enable a two-step verification method.