Background

Over 560 million emails and passwords discovered in an anonymous online database

17/05/2017

Security researchers have discovered a massive database of login credentials stolen from as many as 10 popular online services. It contains more than 560 million emails and passwords, compiled by an unknown individual.

The dataset, which remains unsecured, was first discovered by the Kromtech Security Center.

After reviewing a sample set of 10,000 credentials with Troy Hunt, they found that most of the information (up to 98 percent of the passwords and email addresses) is already on Hunt’s Have I Been Pwned, a website that allows users to see if their accounts have been compromised in previous data breaches.

This means that most of the information contained in this leaked database was already compromised during previous incidents at sites such as LinkedIn, LastFM, Tumblr, and Dropbox.

XSplit - leaked login credentials

The identity of the individual who amassed this database is not known. The researchers have been calling the person "Eddie", a name that was discovered on the storage device. Kromtech researcher Bob Diachenko said that the device is running an unsecured version of the open-source database program MongoDB, and the databases come from the XSplit dataset.

Kromtech found this massive leak while conducting a security audit with Shodan, a search engine that scans internet-connected devices for open ports and databases.

"We wanted once again to highlight the importance of changing the passwords, because more and more malicious actors seem to exploit the data grabbed from previous leaks and hacks," said Diachenko.