Roughly 420,000 records referencing Binance accounts were found among 149 million exposed logins and passwords in a massive unprotected database uncovered by cybersecurity researcher Jeremiah Fowler, highlighting the scale of credential theft impacting crypto users through malware-infected devices. The exposed database, which was publicly accessible and lacked encryption or password protection, contained more than 96 gigabytes of stolen credential data, including email addresses, usernames, passwords, and direct login URLs. Fowler’s findings indicate the credentials were harvested using infostealer malware rather than through direct breaches of the affected platforms.

The presence of Binance-linked records does not suggest a compromise of Binance’s internal systems. Instead, the data appears to have been collected from individual users whose devices were infected with credential-stealing software. Fowler reported that the dataset included credentials tied to a broad range of financial services, crypto wallets, and trading platforms. Alongside the Binance-referenced records, the database contained logins associated with banks, credit cards, and other crypto platforms, highlighting how infostealer malware has become a primary vector for account takeovers.

The dataset’s structure showed signs of organized data collection. Records were indexed using reversed host paths and unique hash identifiers, enabling easy cataloguing by victim and service. According to Fowler, this level of organization increases the likelihood that the credentials could be used in automated credential-stuffing attacks against exchanges and financial platforms.
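To show why reversed host paths make cataloguing by service so easy, and how a security team could use the same property to triage its own exposure from a notification sample, here is an added example; it is not code from Fowler's report or the database. The record layout, field names and all sample values are constructed assumptions, and passwords are deliberately left out because triage does not need them.

```python
from collections import defaultdict

# Constructed sample records (not taken from the exposed dataset). The layout
# is an assumption: a reversed host path as the key, plus the account name.
SAMPLE_RECORDS = [
    {"key": "com.binance.accounts/login", "user": "alice@example.org"},
    {"key": "com.binance.www/en/login", "user": "bob@example.net"},
    {"key": "com.binance-support.www/login", "user": "carol@example.org"},
    {"key": "gov.example.mail/owa", "user": "dave@example.gov"},
    {"key": "com.examplebank.online/signin", "user": "alice@example.org"},
]

def reverse_host(key):
    """Turn 'com.binance.accounts/login' into ('accounts.binance.com', '/login')."""
    host_part, sep, path = key.partition("/")
    labels = [label for label in host_part.lower().split(".") if label]
    return ".".join(reversed(labels)), sep + path

def reversed_prefix(domain):
    """'binance.com' -> ['com', 'binance'], ready for label-wise prefix matching."""
    return list(reversed(domain.lower().strip(".").split(".")))

def exposure_by_domain(records, monitored_domains):
    """Group affected account names under each monitored domain.

    Because the host is stored reversed, every subdomain of a service shares
    the same leading labels, so grouping by service is a simple prefix test.
    """
    prefixes = {d: reversed_prefix(d) for d in monitored_domains}
    hits = defaultdict(set)
    for rec in records:
        labels = rec["key"].partition("/")[0].lower().split(".")
        for domain, prefix in prefixes.items():
            # Compare whole labels so 'binance-support.com' is not mistaken
            # for a subdomain of 'binance.com'.
            if labels[:len(prefix)] == prefix:
                hits[domain].add(rec["user"])
    return {domain: sorted(users) for domain, users in hits.items()}

if __name__ == "__main__":
    for domain, users in exposure_by_domain(SAMPLE_RECORDS, ["binance.com", "example.gov"]).items():
        print(domain, "->", users)  # accounts to queue for forced reset and session revocation
```
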

Beyond consumer and financial accounts, Fowler identified credentials associated with .gov email domains from multiple countries. While not all government accounts provide access to sensitive systems, exposed credentials could be leveraged for impersonation, targeted phishing, or as footholds into official networks. The inclusion of government-linked accounts elevates the incident beyond consumer cybersecurity, introducing potential national security and public safety risks depending on the affected users’ roles.

Fowler said the database had no identifiable owner and was hosted on cloud infrastructure without basic security controls. After discovering the exposure, he reported it directly to the hosting provider. Despite multiple attempts, access was not restricted for nearly a month, during which the number of exposed records continued to increase.

The hosting provider declined to disclose who controlled the database, and it remains unclear how long the data was publicly accessible before Fowler discovered it or whether others accessed it during that period. Although the exposed database has since been taken offline, Fowler warned that once such datasets surface, copies are often redistributed, making the long-term impact difficult to fully contain.
