A huge database containing more than 2.7 billion email addresses was uncovered online through a joint investigation between cybersecurity firm Comparitech and security researcher Bob Diachenko on December 4, 2019.
According to the experts, the database, which was indexed on the BinaryEdge search engine on December 1, was left exposed on the web without any authentication or security. The team also discovered that over one billion of those records contained a plain-text password associated with the email address.
Based on the investigation, the researchers were able to identify that the majority of the exposed emails were from Chinese domains, including qq.com, 139.com, 126.com, gfan.com, and game.sohu.com.
However, neither Comparitech nor Bob Diachenko was able to track down the owner of the database. Diachenko therefore had no choice but to reach out to the ISP where the IP address of the exposed database was hosted. It was not until December 9th that the database was finally shut down.
“Upon verification, we concluded that all the emails with passwords originated from the so-called Big Asian Leak, first uncovered by HackRead. In January 2017, a dark web vendor was selling the records that included passwords,” revealed Comparitech in a statement, referring to a past event in which 1 billion user accounts were stolen and put up for sale on the dark web.
The security firm also clarified that although the leaky database is now inaccessible, there is no assurance that no one accessed it in the meantime.
“In all, the data was exposed for more than a week, giving malicious parties sufficient time to find it and copy it for their own purposes,” the company said.
“The database appeared to be updating and getting larger in real-time. The number of accounts increased from 2.6 to 2.7 billion between the time we sent notification and when the database was taken down,” it added.
The discovery is the latest addition to the list of databases found online containing the personal information of millions of people. According to Comparitech, exposed data like this can be used for credential stuffing, in which hackers log into different accounts using known email addresses and passwords for spam, phishing, fraud, theft, and more.
“Affected users should immediately change their email account passwords, as well as any other accounts that share the same password,” the firm advised.