One of the biggest data leaks ever released – with about 16 billion logins and passwords like Apple, Google and Facebook – may not be as unheard of as it seems. According to an analysis of the specialized portal CyberNews, part of this information would have been exposed earlier, which can inflate the figures presented.
The investigation indicates that there are duplications, overlays (such as passwords and similar logins on different bases) and even antique leakage data. That is, the volume disclosed does not necessarily represent 16 billion unique credentials.
The report published by CyberNews revealed that the information was gathered from 30 different databases, each containing tens of millions to more than 3.5 billion data.
Continues after advertising
However, despite the number, according to CyberNews himself, “it is safe to say that there are overlapping records,” ie it is not possible to accurately determine how many people or accounts were actually affected. In addition, they cite the existence of duplicate records:
“We do not know exactly how many duplicate records exist, as the leak comes from multiple data sets,” says the portal report.
Although highlighted in the report that “the data is recent and not merely recycled from old violations,” CyberNews recognizes the existence of a set that had already been identified previously:
Continues after advertising
“None of the exposed data sets had been previously reported, except for one: In late May, Wired magazine reported that a security researcher had discovered a ‘mysterious database’ with 184 million records. This number barely entering the top 20 than the team identified.”
Risks
Also according to CyberNews, the data is organized in URL, login and password format, which facilitates the use by groups specialized in cyber attacks. Credentials can be used in automated invasion attempts, which reach any type of online account-from social networks to banking systems.
Continues after advertising
Most passwords have been obtained through infostealer malware – programs that capture everything the victim types, such as logins and bank data, and send this information to malicious operators. Credentials would already be marketed at Dark Web at affordable prices, which increases the risk of attacks.
Wanted, Apple and Facebook reported that they would not comment on the case. Google, in turn, said it does not yet have an official position, but a spokesman said the problem does not result from a failure in the company’s systems.
The companies did not say whether the leak affected Brazilian users.
