Summary: Researcher Jeremiah Fowler has uncovered a 96GB unsecured database containing 149 million unique logins and passwords. This is not a single-company breach but a massive collection of “infostealer logs”—data stolen from individual devices by malware and subsequently compiled. The data spans Gmail (48M records), Facebook, Netflix, and even sensitive government email addresses.
Business Impact: High risk of Credential Stuffing. Attackers are using this pre-categorized list to automate takeovers of corporate enterprise systems. For your clients in Bahrain, this likely includes personal accounts used for “Shadow IT,” providing an easy entry point into corporate environments.
Why It Happened: The rise of “Infostealer-as-a-Service” allows low-skill actors to harvest credentials at scale. This specific database was left publicly accessible without a password, allowing anyone with the IP to download nearly 150 million sets of credentials.
Recommended Executive Action: Mandate a company-wide password reset for any personal accounts linked to corporate recovery emails. Enforce hardware-based MFA (FIDO2) to render stolen passwords useless.
Hashtags: #DataLeak #Infostealers #CredentialStuffing #MFA #CyberSecurity #Privacy