Database of millions of passwords and cookies stolen by malware discovered


 Researchers have discovered an unsecured database that contained millions of passwords, cookies, images and text files stolen by malware. The malware in question spread via pirated software and email and infected more than 3.2 million computers in recent years, cloud storage service NordLocker said .


Nearly 26 million credentials for nearly one million websites were stolen from the compromised systems, as well as two billion cookies and 6.6 million files. Half of the stolen files are text files. The malware also stole more than 1 million images. After the infection, the malware also took a screenshot of the computer and, if present, a photo via the webcam.


NordLocker reported the open database to the US government's Computer Emergency Readiness Team (US-CERT) and the cloud provider where it was hosted. The database was then taken offline. 1.1 million unique email addresses collected by the malware have been added to data breach search engine Have I Been Pwned. The search engine allows users to see if their data is in known data breaches.


Of the 1.1 million email addresses, 38 percent were already known to Have I Been Pwned through another data breach. Since this is a "sensitive" data breach, it is not possible to search for it publicly. Users are only notified when they submit their email address to Have I Been Pwned's notification service, reports Troy Hunt , creator of the data breach search engine.

Previous Post Next Post