A massive data breach involving a 47GB database has exposed over 184 million records, placing individuals at significant risk of identity theft and cybercrime. The leaked data included login credentials tied to major global platforms such as Microsoft, Google, Apple, Facebook, PayPal, and Netflix. In addition, sensitive accounts linked to banks, health services, and government websites were also compromised.
Cyber security researcher Jeremiah Fowler uncovered the unsecured Elastic search database, which lacked both encryption and password protection. He promptly reported the breach to Website Planet, revealing that the database contained hundreds of millions of user credentials, including more than 220 government-associated email addresses from at least 29 countries, including the US, UK, and China.
Pakistan is also included in these countries. National CERT (National Cyber Emergency response team of Pakistan) has advised users to immediately change their important passwords and enable two-factor verification. In this regard, a cyber-security alert was issued yesterday, stating that one should avoid clicking on suspicious links or emails related to password resets and monitor their accounts in case of unusual activity. You can read the complete advisory by clicking on the link given below
Click here: https://pkcert.gov.pk/advisory/25/30.pdf
Following the discovery, the database was quickly taken offline by the hosting provider, World Host Group, after Fowler alerted them. However, it remains unknown how long the sensitive data was publicly accessible or whether it had been accessed by malicious actors before being secured.
The scale and scope of the breach are alarming, with exposed credentials spanning corporate, governmental, and personal accounts. Security experts warn that the compromised data significantly heightens the risk of phishing, account takeovers, and financial fraud.
While the immediate threat has been mitigated by taking the database offline, the incident highlights ongoing vulnerabilities in data storage practices and the critical need for better security protocols, especially for datasets involving sensitive or high-value personal information.
