The database was discovered via the Shodan search engine, which searches the web for open ports and unprotected files and devices like this one. What’s worse is the fact that those same security researchers identified nearly a dozen databases with either limited security or none at all, in addition to the one being reported here, which collectively contain several terrabytes of data.
The researchers were quick to point out that after analyzing a small subset of the data consisting of ten thousand records, it was determined that more than 98 percent of the records on file here are from previously reported large scale data breaches. Those breaches include LinkedIn, DropBox, MySpace, Adobe, Tumblr and others, so this isn’t evidence of a new breach, but a massive collection effort designed to centralize the data.
The only obvious purpose for such a collection effort would be to weaponize the accounts as part of a massive hacking campaign.
If it’s been a while since you’ve updated your passwords, now is the time. If you aren’t yet using a good password manager, it’s probably well past time to start doing that as well. If you don’t already make use of the excellent, free website created by Troy Hunt called “Have I Been Pwned,” you should probably check your email account today to see if it’s been caught in any of the recent high-profile data breaches.
This is a problem that’s not going away on its own, and it’s likely to get worse as the year rolls on. Don’t allow inaction to make you a victim. Change your passwords today, and if you’re still one of the legion of people who use the same password on multiple web properties, it’s time to bring that practice to an end as well. Read What You Should Know About Passwords if you are one of those.