An unidentified malware stole 26 million passwords from windows PCs. The malware is yet to be identified by the researchers.
Researchers have discovered a massive trove of sensitive data, a 1.2 TB database containing login credentials, browser cookies, auto-fill data, and payment information extracted by the malware.
Researchers from NordLocker said on Wednesday, the database contained 26 million login credentials, 1.1 million unique email addresses, more than 2 billion browser cookies, and 6.6 million files. In some cases, victims stored passwords in text files created with the Notepad application.
The discovery comes during an epidemic of security breaches involving ransomware and other types of malware hitting large companies.
Co-founder and CTO of security firm Hudson Rock, Alon Gal, said that such data is often first collected by stealer malware installed by an attacker attempting to steal cryptocurrency or commit a similar type of crime.
Gal said that the attacker “will likely then try to steal cryptocurrencies, and once he is done with the information, he will sell to groups whose expertise is ransomware, data breaches, and corporate espionage,”
People who want to know if their data was swept up by the malware can check the Have I Been Pwned breach notification service, which has just uploaded a list of compromised accounts.
[embedpost slug=”messages-from-unidentified-email-address-might-contain-malware-nitb/”]
