Threats Tagged 'exposed'

A massive data leak exposed approximately 24 billion stolen credentials collected from various sources including infostealer logs, Telegram cybercrime channels, and breach compilations. The data included usernames, email addresses, plaintext passwords, and associated service URLs. The leak was discovered in an exposed Elasticsearch cluster containing over 8.3 terabytes of data. The database was taken offline shortly after discovery, limiting further investigation. The exposed credentials put billions of accounts at risk of takeover, especially those without multi-factor authentication enabled. The data owner appeared to actively update the collection with recent breach information. No specific software versions are affected as this is a data breach event rather than a software vulnerability.

A report reveals that over 2,000 AI-built applications created on vibe-coding platforms are publicly exposed on the internet without adequate access controls, often granting admin access by default. These applications connect directly to corporate production systems and contain sensitive corporate, operational, or personal data. The exposure results from employees building and deploying these apps without IT or security oversight, exploiting gaps in traditional security tools that do not monitor session-layer activities or custom AI-built applications. This risk surface spans multiple industries and continents and persists despite mature security stacks. The issue is not due to malicious intent but rather the lack of governance and visibility over these new AI-driven development workflows.