Over a million websites have been impacted by the latest hack, including big name destinations like Instagram, eBay and Apple. Other sites affected by the vast data breach include Netflix, Facebook, Amazon, Twitter, and Gmail. In total, experts estimate that some 26 million login credentials were stolen and stashed in a secret database.
Security researchers only stumbled upon the vast database of stolen logins after threat actors accidentally gave up the location themselves.
The threat was highlighted by cyber security researchers at NordLocker, who said Trojan malware was used to steal millions of login details between 2018 and 2020. The database where all the sensitive stolen details were housed was 1.2 terabytes in size, with the logins lifted from 3.25million Windows PCs.
The type of malware used in these attacks can be purchase for as little as £70 and is spread via e-mail and illegally downloaded software such as fake versions of Adobe PhotoShop.
In their analysis online, NordLocker said: “The malware got away with nearly 26 million login credentials (emails or usernames accompanied by passwords) from almost a million websites.”